Contestants have hacked a Samsung Galaxy S22 smartphone twice on the first day of Pwn2Own Toronto 2022, the 10th edition of the consumer-focused event.
The STAR Labs team was first to use successfully zero day on a Samsung flagship by performing a wrong input validation attack on the third attempt, earning $50,000 and 5 Master of Pwn points.
Another contestant, Chim, too demonstrated successful operation targeted the Samsung Galaxy S22 and was able to perform a botched input validation attack, earning $25,000 (50% of the prize for the second round of targeting the same device) and 5 Master of Pwn points.
“The first winner in each goal will receive the full prize money and the devices to be tested,” explain the organizers of the competition.
“In the second and subsequent rounds of each objective, all other winners will receive 50% of the prize package, however they will still earn full Master of Pwn points.”
In accordance with the terms of the competition, in both cases the Galaxy S22 devices were running the latest version of the Android operating system with all available updates installed.
Contestants have also successfully demonstrated exploits targeting zero-day bugs in printers and routers from multiple vendors, including Canon, Mikrotik, NETGEAR, TP-Link, Lexmark, Synology, and HP, on this first day of the competition.
The competition has been extended to four days
Pwn2Own Toronto security researchers can target cell phones, home automation hubs, printers, wireless routers, network-attached storage, smart speakers, and other devices, all up-to-date and in their default configuration.
They can win top prizes in the mobile phone category with cash prizes of up to $200,000 for hacking the Google Pixel 6 and Apple iPhone 13 smartphones.
Hacking Google and Apple devices can also provide $50,000 bonuses if exploits are executed with kernel-level privileges, increasing the maximum reward per challenge to $250,000 for a full exploit chain with kernel-level access.
Pwn2Own Toronto’s consumer-focused event has been extended to four days (Dec. 6-8) after 26 teams and participants signed up to take on 66 targets across all categories.
The full competition schedule can be found here. Here’s the full schedule for Day 1 of Pwn2Own Toronto 2022 and the results for each challenge.
On the second day of the competition, the Samsung Galaxy S22 will be tested again by hackers from the vulnerability research firm Interrupt Labs.
