Samsung Galaxy S24 Smartphone Hacked During $1 Million Zero Day Spree

    5
    0
    Samsung Galaxy S24 Smartphone Hacked During  Million Zero Day Spree


    Update, Oct. 26, 2024: This story, originally published Oct. 24, includes the final results of the Pwn2Own Ireland 2024 hacking event.

    Elite hackers have gathered in Ireland this week for a hacking competition known as Pwn2Own. The lure is twofold: more than $1,000,000 in bounty rewards to be won, but more importantly, the kudos that come with being awarded the title of Master of Pwn. One of the highest-profile hacks to have been pulled off during the zero-day hacking spree happened on Oct. 23, as Ken Gannon of the NCC Group exploited five security vulnerabilities to compromise a Samsung Galaxy 24 smartphone by getting shell access and installing an arbitrary application.

    ForbesNSA Tells iPhone And Android Users: Reboot Your Device Now

    What Is Pwn2Own?

    Pwn2Own is a hacking event with a history stretching back to 2007 and attracting some of the best ethical hackers and security researchers on the planet. The twice-yearly event brings these elite hackers together to “pwn” target devices, including the Samsung Galaxy S24 this year, by employing zero-day exploits against them. These are security attacks that use vulnerabilities device vendors and security professionals alike are not yet aware exist. Samsung has a history of being pwned during these events as it is one of the sponsors that readily give up their devices to find any security vulnerabilities unknown to the company, and so ultimately help protect end users.

    ForbesNew Cybersecurity Warning As 1,000 Elite Hackers Embrace AI

    The Samsung Galaxy S24 Irish Zero-Day

    Previous events have seen a Samsung Galaxy S10 hacked, the Samsung Galaxy S22 hacked twice in 24 hours, and most recently a Samsung Galaxy S23 fall to the hacking elite. Now the Samsung Galaxy S24 smartphone can be added to the pwned list.

    This is a good thing, as it means there is one less exploit waiting to be discovered by cybercriminal hackers to either run riot with or, as is often the case, sell to the highest bidder when it comes to particularly valuable zero-days. Money plays a part here, of course, with Gannonj being awarded a bounty of $50,000 for the exploit in question. The technical details of the exploit will be kept close to the chest of Samsung, and the Pwn2Own organisers the Trend Micro Zero-Day Initiative. Samsung will be given a 90 day grace period during which the vulnerabilities can be patched before the exploit proof of concept and details can be disclosed publicly.

    ForbesNew Gmail Security Alert For 2.5 Billion Users As AI Hack Confirmed

    Pwn2Own Ireland 2024 Is Over—Samsung Galaxy S24 Hacked Just The Once

    Whereas in previous years there have been multiple successes when it comes to hacking the Samsung Galaxy S24 smartphone, this year’s event from Ireland has now wrapped up with just that single successful compromise. With a total of $1,066,625 awarded in bounties for disclosing an incredible 70+ zero-day vulnerabilities, the focus has mostly been on network storage devices and printers. It will be interesting to see what happens at the next Pwn2Own competition in Tokyo, scheduled to take place between Jan. 22 – 24, 2025, if more emphasis is back on smartphones.

    Hackers comprising the Viettel Cyber Security team for won the overall Master of Pwn title with 33 points and, are you ready, a stonking great $205,000 in cash money.

    “That makes 4 contests in a row that exceeded the million-dollar mark,” a ZDI spokesperson said.

    ForbesNew Gmail Security Warning As 10-Second Hackers Strike



    Source link

    LEAVE A REPLY

    Please enter your comment!
    Please enter your name here