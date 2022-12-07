The Pwn2Own hacking competition in Toronto this year saw two teams successfully exploit a zero-day vulnerability on Samsung’s Galaxy S22 smartphone, Bleeping Computer reports.

The Galaxy S22 devices ran the latest version of the Android operating system with all available updates installed.

The first team to successfully exploit the flaw — STAR Labs — did so on their third attempt and managed to execute their improper input validation attack on the device.

They took home $50,000 (R868,000) and five Master of Pwn points for their achievement.

Chim — another competing team — was also able to successfully exploit a flaw relating to the Galaxy S22, enabling them to execute an improper input validation attack.

Chim took home $25,000 (R434,000) and five Master of Pwn points.

“The first winner on each target will receive the full cash award and the devices under test,” the competition’s organisers said.

“For the second and subsequent rounds on each target, all other winners will receive 50% of the prize package, however, they will still earn the full Master of Pwn points.”

During the competition’s opening day, contestants also exploited zero-day vulnerabilities in printers and routers from various manufacturers.

The competition started on Tuesday, 6 December 2022, and will run until Friday, 9 December.

The largest payouts are up for grabs in the mobile phone category, with organisers offering cash prizes of up to $200,000 (R3.5 million) for successfully hacking Apple iPhone 13 and Google Pixel 6 smartphones.

Contestants also stand a chance to earn a $50,000 (R868,000) cash bonus for executing their attacks with kernel-level privilege.

