Just a few weeks after hackers succeeded in breaking the security measures of iOS 15 and hacking an Apple iPhone 13 Pro, it is now the turn of Samsung’s current flagship smartphone, the Galaxy S21, to feel the heat from hackers.
Unfortunately, like the iPhone 13 Pro, the Galaxy S21 was hacked not just once but twice. In fact, in just a few days, hackers were able to identify a total of 61 unique zero-day vulnerabilities in a range of products for a whopping $1,081,250. Here’s how it all went.
On the weekend of October 16-17, Chinese hackers participating in the annual Tianfu Cup Hacking Challenge were able to bypass Safari’s security protections and achieve remote code execution on an iPhone 13 Pro that was running the fully patched iOS 15.0.2. In addition, another team of hackers jailbroke the same flagship with a “one-click” attack.
The Tianfu Cup came about after China’s elite ethical hackers were banned by the Chinese government from participating in international hacking competitions demonstrating zero-day exploits. Zero-day exploits target a vulnerability that is unknown to the vendor and therefore cannot be stopped immediately.
The most popular hacking event is Pwn2Own (pronounce the “pwn” bit like the “own” bit, you’re welcome), which is organized by Trend Micro’s Zero Day Initiative (ZDI) and takes place twice a year in North America.
Pwn2Own hackers use exploit chains to hack the Samsung Galaxy S21
The latest Pwn2Own event took place November 2-5 in Austin, Texas and it was here that the Samsung Galaxy S21 smartphone fell victim to hackers. Twice.
It would have been three times, but one of the hacking teams was unable to successfully execute its zero-day exploit in the allotted time frame.
However, on Wednesday, November 3, the STARLabs team used an exploit chain to successfully attack the Samsung Galaxy S21. Officially, this was categorized as a “collision” rather than a direct hit, as the chain of attacks contained a vulnerability that Samsung was already aware of, rather than being a full zero-day chain.
On Thursday, November 4th, Sam Thomas, Director of Research at Pentest Limited, was able to get code execution on the Samsung Galaxy S21 using a three-bug chain that received a full success label. It also earned the Pentest Limited team a cash award of $50,000. The STARLabs team received $25,000 for their hacking efforts. The successful hackers can also use the affected devices in the so-called ‘sending everything to those who owned it.’
Considering this is the second Pwn2Own hacking event this year, more than $2 million has been given away when you combine the two. As for Pwn2Own Austin, there could only be one winner. Well, two if you count security in general. It was a close contest between the top three hacking teams, with STARLabs taking third place with 12 Master of Pwn points and a cash haul of $112,500. The top two, however, were neck and neck, with DEVCORE in second place with 18 points, earning $180,000, just behind the Synacktiv team with 20 points and $197,500.
Where were all the hacking targets with the wow factor?
It is true to say that Pwn2Own Austin lacked wow-factor targets, if not wow-factor money, at least when compared to the Tianfu Cup. In addition to the Samsung Galaxy S21 smartphone, Pwn2Own also saw a Sonos One speaker fall (which netted the Synacktiv team a cool $60,000 in the process), but otherwise it was a bunch of routers and printers. Not that these aren’t worthwhile products, and once the affected vendors have patched the vulnerabilities that were discovered (they have 120 days before the methods are made public), users will be a bit more secure. However, the Chinese event had plenty of dramatic impact, with Microsoft Windows 10 and Google Chrome both getting pwned.
In fact, it was disappointing that neither the new iPhone 13 lineup with iOS 15.1 nor the latest Google Pixel 6 was up for hack inspection. I asked Brian Gorenc, Senior Director of Vulnerability Research and Head of the ZDI program at Trend Micro, why this is so.
“When we announced the competition, we included the latest phones from each vendor,” says Gorenc. Since then, Apple and Google have launched new smartphones, but “these new models weren’t available to all of our researchers,” he explains, “so we continued with the hardware versions that were originally announced.” Still, it is a shame that only the Samsung Galaxy S21 was put to the test, one has to say.
While I had the opportunity, I also asked Gorenc for his opinion on the Tianfu Cup and how the withdrawal of the hugely successful Chinese hacking teams had affected Pwn2Own.
“When Chinese teams withdrew from our competition, we initially saw a decline in participation,” says Gorenc, “but their exclusion actually opened the door for other researchers.” In fact, he says Pwn2Own Austin is the biggest Pwn2Own event ever, with “more than double the number of entries than we are used to seeing”. If anything, he adds, “The lack of teams from China has allowed independent researchers and other teams to have their own success and take competition to heights we never expected.” Indeed, the discovery of no fewer than 61 unique zero-days seems to be evidence of this.
Gorenc wouldn’t be drawn into the more political debate about China and how it has fenced off its domestic hacker community when it comes to the discovery and disclosure of zero-days. “We can’t speak to other competitions, but Pwn2Own gives vendors full details of the exploit minutes after the bug was demonstrated on stage,” he says. “Pwn2Own tries to harden platforms by uncovering vulnerabilities and making this research available to the providers,” says Gorenc in conclusion. “The goal is always to fix these errors before they are actively exploited by attackers.”
I’ve reached out to Samsung to get an idea of when Galaxy S21 users can expect these vulnerabilities to be patched and will update this article in due course.