Our cell phones have become essential items and store a lot of important information. Therefore, companies such as samsung, invest heavily in security on an ongoing basis to protect user data. But this does not mean that the products are impenetrable: the galaxy s22 was hacked twice in a row at a cybersecurity event, Pw2Own Toronto 2022.
The 10th edition of the event, which takes place in Toronto, Canada, brings together several professionals from the sector to talk about security in the digital environment. At these fairs, disputes also take place to see who can overcome device barriers first.
Afterwards, this information is sent to the manufacturers so that they can improve the protection of their products.
In this area, the Galaxy S22 was the target on the first day of the event. During the fair, the STAR Labs group discovered and explored a zero-day failure (bugs not yet run and potentially dangerous) of the cell phone that was completely up to date.
The exploit discovered by the group opened the door for an attack on the third attempt. As a reward, the team won US$50,000 (about R$260,500 in direct conversion).
But this was not the only moment that caught the attention of the competition promoted by Trend Micro’s Zero Day Initiative.
In the second act promoted by another group, Chim managed to overcome the obstacles of the Galaxy S22 for the second time and won half of the prize.
Both participants earned 5 Master of Pwn points.
Calm down, the Galaxy S22 is a secure phone
The Pwn2Own Toronto event brought together big names in the digital security market. Through it, hackers around the world can explore holes in numerous products, systems and the like to attest to the level of security.
The big question is that there is no impenetrable system.
After all, no matter how hard the developers try, there are always chances of something going unnoticed. And this is where the role of “good hackers” comes in, who take these products to the limit to find hidden problems.
Of course, none of this is done for free. At the Toronto event, for example, the Zero Day Initiative paid rewards to professionals who discovered the flaws.
After the attacks, the information is taken to the manufacturers. That is, all this helps to further strengthen the protection of products. After all, to make a security fix, someone has to figure out the problem first, right?
Samsung has its own rewards program
The show isn’t the only venue offering rewards to cybersecurity professionals. Samsung itself has its own initiative, with prizes ranging between US$ 200 and US$ 200 thousand.
“Generally, the more serious problems, the more rewards will be offered,” they explained in the program website🇧🇷 “However, to estimate the value of bounties, we consider several factors, including severity level such as report quality, impacted scope, difficulty of attacks, and so on. Thus, a well-qualified lower-severity issue can get more reward than a higher-severity issue.”
Other companies follow the same path. Apple, for example, can give up to US$ 2 million, depending on the level of severity of the incident.
With information: Bleeping Computer and Zero Day Initiative