Hacking Contest Awards R1.4 million to Analysts for Exposing Galaxy S23 Zero-Day Flaw

The annual Pwn2Own hacking competition held in Toronto bore witness to extraordinary skill as two teams emerged victorious, mining security loopholes on Samsung's latest, the Galaxy S23.

Established tech security companies, Pentest Limited and STAR Labs SG, exploited fundamental zero-day vulnerabilities, earning favour and finance at the event. Accumulatively, they walked away with a staggering $75,000 (R1.4 million) in awards for their innovation.

The glory of being the first to uncover a Galaxy S23 zero-day weakness and execute a successful code was nabbed by Pentest Limited. Their method employed a unique approach through improper input validation, which earned them a $50,000 (R950,000) cash reward and five coveted Master of Pwn points – a recognition reserved for first-time zero-day demonstrators.

STAR Labs SG, on the other hand, narrowly fell short in demonstrating the zero-day exploit fully. Despite this, they still achieved five Master of Pwn points, with a cash reward of $25,000 (R475,000) underscoring their efforts.

The event organisers, Pwn2Own, emphasized that all teams pulling off successful entries claim full Master of Pwn points, regardless of their order in the competition. Day one of the event saw an astounding $438,750 (R8.4 million) distributed to teams revealing zero-day vulnerabilities.

The Pwn2Own competition, while already filled with excitement, promises even bigger awards. Teams stand the chance to win up to $300,000 (R5.7 million) for a successful hack of the iPhone 14 and $250,000 (R4.8 million) for Google’s Pixel 7.