Pwn2Own hacker uses 5 zero-days to hack Galaxy S24 smartphones
Elite hackers gathered in Ireland this week for a hacking competition known as Pwn2Own. There are two attractions. Over $1,000,000 in prize money is up for grabs, but more importantly is the honor that comes with earning the title of Master of Pwn. One of the most high-profile zero-day hacks occurred on October 23rd. NCC Group’s Ken Gannon exploited five security vulnerabilities to gain shell access and access arbitrary applications.
What is Pwn2Own?
Pwn2Own is a hacking event with a history dating back to 2007 that brings together some of the best ethical hackers and security researchers on the planet. The twice-yearly event brings together these elite hackers to “buy” targeted devices, such as this year’s Samsung Galaxy S24, with zero-day exploits. These are security attacks that exploit vulnerabilities that device vendors and security experts don’t yet know exist. Samsung has a history of being acquired during these events as it is one of the sponsors who are quick to part with devices to find security vulnerabilities that they don’t know about, ultimately helping protect end users. There is.
Samsung Galaxy S24 Irish Zero Day
In previous events, the Samsung Galaxy S10 was hacked, the Samsung Galaxy S22 was hacked twice in 24 hours, and recently the Samsung Galaxy S23 fell into the hands of the hacking elite. Now you can add your Samsung Galaxy S24 smartphone to the pwned list.
This is good. Especially when it comes to valuable zero-days, it means one less exploit waiting to be discovered for cybercriminal hackers to run wild with or, as is often the case, sell it to the highest bidder. Of course, money plays a role here, with Ganonji being given a $50,000 bounty for the exploit in question. The technical details of this exploit are being kept confidential by Samsung and the Trend Micro Zero-Day Initiative, the organizers of Pwn2Own. Samsung will have a 90-day grace period to patch the vulnerability before the proof of concept and details of the exploit are released to the public.
