Bad start: Samsung Galaxy S23 hacked twice on the first day of the Pwn2Own contest

Carding 4 Carders

Samsung with the latest OS version and all updates failed the pen test.

On the first day of the Pwn2Own 2023 competition in Toronto, Canada, security researchers hacked the Samsung Galaxy S23 smartphone twice. They also demonstrated exploits and vulnerability chains in the Xiaomi 13 Pro smartphone, as well as in printers, smart speakers, network attached storage (NAS) devices, and video surveillance cameras from Western Digital, QNAP, Synology, Canon, Lexmark, and Sonos.

Pentest Limited was the first company to demonstrate a zero-day on the flagship Samsung Galaxy S23, exploiting an improper input validation flaw to achieve code execution, for which it received $50,000 and 5 Master of Pwn points.

The STAR Labs SG team also exploited the list of allowed logins to hack the Samsung Galaxy S23, earning $25,000 (half the prize, as this was the second round of attacks on the same device) and 5 Master of Pwn points.

The organizers explained that while only the first demo in a category wins the full cash award, each successful entry earns the full number of Master of Pwn points. Since the order of attempts is determined randomly, participants who receive later slots can still claim the title of Master of Pwn, even if they earn a smaller cash prize.

According to the rules of the Pwn2Own Toronto 2023 contest, all target devices run the latest versions of the operating system with all installed security updates. On the first day of the contest, prizes worth $438,750 were awarded for 23 successfully demonstrated zero-day vulnerabilities.

During the Pwn2Own Toronto 2023 event hosted by Trend Micro's Zero Day Initiative (ZDI), participants could target mobile and IoT devices. The full list includes smartphones (such as the Apple iPhone 14, Google Pixel 7, Samsung Galaxy S23, and Xiaomi 13 Pro), printers, wireless routers, network attached storage (NAS) devices, home automation systems, video surveillance systems, smart speakers, and Google Pixel Watch and Chromecast devices, all in their standard configuration and with the latest security updates.

The highest rewards are provided for zero-day bugs in the mobile phone category: cash prizes of up to $300,000 for hacking the iPhone 14 and $250,000 for hacking the Pixel 7, and the total pool is more than $1,000,000. The full schedule of Pwn2Own Toronto 2023 and the results of each challenge are shown on this page.

In March, during the Pwn2Own competition in Vancouver, Canada, security researchers successfully demonstrated zero-day exploits for the Tesla Model 3, Windows 11, and macOS in a bid for the top prize of $375,000 and a Tesla Model 3 car.
 