Samsung Galaxy S24 smartphone hacked during $1 million zero-day spread

Update, October 26, 2024: This story, originally published on October 24, contains the final results of the Pwn2Own Ireland 2024 hacking event.

Elite hackers gathered in Ireland this week for a hacking competition called Pwn2Own. The lure is twofold: there are more than $1,000,000 in bounties to be won, but more importantly, the praise that comes with being awarded the title of Master of Pwn. One of the most famous hacks carried out during the zero-day hacker attack occurred on October 23, when Ken Gannon of NCC Group exploited five security vulnerabilities to compromise a Samsung Galaxy 24 smartphone by hijacking its shell -Gained access and installed an arbitrary application.

ForbesNSA urges iPhone and Android users: Restart your device nowFrom Davey Winder

What is Pwn2Own?

Pwn2Own is a hacking event with a history dating back to 2007 and attracts some of the best ethical hackers and security researchers in the world. The twice-yearly event brings together these elite hackers to “pwn” target devices, including this year the Samsung Galaxy S24, by using zero-day exploits against them. These are security attacks that exploit vulnerabilities that both device manufacturers and security experts do not yet know exist. Samsung has often been denounced in these events, as the company is one of the sponsors who willingly give up their devices to find vulnerabilities that the company is not aware of, ultimately helping to protect end users.

ForbesNew cybersecurity alert: 1,000 elite hackers rely on AIFrom Davey Winder

The Samsung Galaxy S24 Irish Zero Day

In previous events, a Samsung Galaxy S10 was hacked, the Samsung Galaxy S22 was hacked twice within 24 hours and most recently a Samsung Galaxy S23 fell victim to the hacker elite. Now the Samsung Galaxy S24 smartphone can be added to the pwned list.

That’s a good thing, because it means there’s one less exploit waiting to be discovered by cybercriminal hackers that they can either play around with or, as is often the case, sell to the highest bidder when it’s particularly valuable Zero days is possible. Of course, money plays a role here, as Gannonj receives a $50,000 bounty for the exploit in question. The technical details of the exploit are being kept secret by Samsung and the Pwn2Own organizers of the Trend Micro zero-day initiative. Samsung will be given a 90-day grace period to patch the vulnerabilities before the exploit’s proof-of-concept and details can be publicly disclosed.

ForbesNew Gmail security warning for 2.5 billion users, AI hack confirmsFrom Davey Winder

Pwn2Own Ireland 2024 is over – Samsung Galaxy S24 was only hacked once

While there have been several successes in hacking the Samsung Galaxy S24 smartphone in previous years, this year’s event from Ireland was able to conclude with exactly this single successful compromise. With a total of $1,066,625 in bounties for disclosing over 70 zero-day vulnerabilities, the focus was primarily on network storage devices and printers. It will be interesting to see what happens at the next Pwn2Own competition in Tokyo, scheduled to take place January 22-24, 2025, when the focus will be more on smartphones again.

The Viettel Cyber ​​Security team hackers won the overall Master of Pwn title with 33 points and, get ready, a whopping $205,000 in cash.

“These are four competitions in a row that have exceeded the million mark,” said a ZDI spokesman.

ForbesNew Gmail security alert as a 10-second hacker attackFrom Davey Winder