Samsung Galaxy S21 Smartphone Hacked During $1 Million, 61 Zero-Days, Hacking Romp

Just weeks after hackers managed to breach iOS 15 security measures and hack an Apple iPhone 13 Pro, now it’s the turn of Samsung’s current flagship smartphone, the Galaxy S21, to feel the hacking heat.

Unfortunately, like the iPhone 13 Pro before it, the Galaxy S21 has been hacked not once but twice. Indeed, within just a few days, hackers were able to demonstrate a total of 61 unique zero-day security flaws across a range of products and make themselves a whopping $1,081,250 in the process. Here’s how it all went down.

Over the weekend of 16-17 October, Chinese hackers taking part in the annual Tianfu Cup hacking challenge were able to bypass Safari security protections and achieve remote code execution on an iPhone 13 Pro running the fully patched iOS 15.0.2 at the time. What’s more, a different team of hackers went on to jailbreak the same flagship device by way of a ‘one-click’ attack.

The Tianfu Cup came about after China’s elite ethical hackers were banned by the Chinese government from taking part in international competitive hacking events where zero-day exploits are demonstrated. Zero-day exploits target a vulnerability that is unknown to the vendor and, therefore, cannot be stopped immediately.

The most popular hacking event is Pwn2Own (pronounce the ‘pwn’ bit like the ‘own’ bit, you’re welcome), organized by Trend Micro’s Zero Day Initiative, ZDI, and held twice a year in North America.

Pwn2Own hackers use exploit chains to hack Samsung Galaxy S21

The latest Pwn2Own event took place in Austin, Texas, between 2-5 November, and it was here that the Samsung Galaxy S21 smartphone fell to hackers. Twice.

It would have been three times, but one of the hacking teams was unable to successfully execute their zero-day exploit in the allotted timeframe.

However, on Wednesday, 3 November, the STARLabs team used an exploit chain to successfully attack the Samsung Galaxy S21. Officially, this was categorized as a ‘collision’ rather than an outright success as that attack chain included a vulnerability that was already known to Samsung rather than being a full zero-day chain.

On Thursday, 4 November, Sam Thomas, director of research at Pentest Limited, was able to get code execution on the Samsung Galaxy S21 using a three-bug chain that earned a full success label. It also earned the Pentest Limited team a $50,000 cash prize. The STARLabs team were awarded $25,000 for their hacking efforts. The successful hackers also get to keep the devices concerned in what ZDI called ‘the shipping of everything pwned to those who owned.’

Considering that this is the second Pwn2Own hacking event this year, if you combine the two, more than $2 million has been awarded. As far as Pwn2Own Austin was concerned, there could be only one winner. Well, two if you count security in general. It was a close call between the top three hacking teams, with STARLabs third on 12 ‘Master of Pwn’ points and a cash haul of $112,500. However, the top two were neck and neck, with DEVCORE in second on 18 points and $180,000 earned, just behind the Synacktiv team with 20 points and $197,500.

Where were all the ‘wow factor’ hacking targets?

It’s true to say that Pwn2Own Austin lacked wow factor targets, if not wow factor money, at least when compared to the Tianfu Cup. Alongside the Samsung Galaxy S21 smartphone, Pwn2Own also saw a Sonos One Speaker fall (earning the Synacktiv team a cool $60,000 in the process), but otherwise, it was a bunch of routers and printers.

Not that these aren’t worthy products to target, and once the impacted vendors have patched the vulnerabilities exposed (they have 120 days before the methodologies are publicly disclosed), users will be that bit more secure. However, the Chinese event went full out for dramatic impact with Microsoft Windows 10 and Google Chrome getting pwned.

Indeed, it was disappointing not to see any of the new iPhone 13 range running iOS 15.1, or the latest Google Pixel 6, up for hacker inspection. I asked Brian Gorenc, senior director of vulnerability research and head of the ZDI program at Trend Micro, why this was.

“When we announced the contest, we included the latest handsets available from each vendor,” Gorenc says. Since that time, although Apple and Google both released new smartphones, “these new models weren’t available to all of our researchers,” he explains, “so we continued with the hardware versions we initially announced.” It’s still something of a shame to see only the Samsung Galaxy S21 being put to the test, it has to be said.

While I had the opportunity, I also asked Gorenc about his view of the Tianfu Cup and how the withdrawal of the hugely successful Chinese hacking teams had impacted Pwn2Own?

“When Chinese teams withdrew from our competition, we did see an initial drop in participation,” Gorenc says, “however, their exclusion has actually opened the door for other researchers.” Indeed, he says that Pwn2Own Austin is the largest Pwn2Own event ever with “more than double the number of entries than we are used to seeing.”

If anything, he adds, “the lack of teams from China has allowed independent researchers and other teams to have their own success and grow the contest to heights we never expected.” Indeed, the discovery of no less than 61 unique zero-days would appear to be a testament to that.

Gorenc wouldn’t be drawn into the more political debate surrounding China and how it is putting a ringfence around the domestic hacking community when it comes to discovering and disclosing zero-days. “We can’t speak to other contests, but at Pwn2Own, vendors are provided full details of the exploit minutes after the bug was demonstrated on stage,” he says. “Pwn2Own seeks to harden platforms by revealing vulnerabilities and providing that research to the vendors,” Gorenc says, concluding, “the goal is always to get these bugs fixed before they’re actively exploited by attackers.”

I have reached out to Samsung to get an idea when Galaxy S21 users can expect to see these vulnerabilities patched and will update this article in due course.

Follow me on Twitter or LinkedIn. Check out my website or some of my other work here.

Davey is a three-decade veteran technology journalist and has been a contributing editor at PC Pro magazine since the first issue in 1994. A co-founder of the Forbes Straight Talking Cyber video project, which has been named ‘Most Educational Content’ at the 2021 European Cybersecurity Blogger Awards, Davey also won the 2020 Security Serious ‘Cyber Writer of the Year’ title. A three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) I was also fortunate enough to be named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro called ‘Threats to the Internet.’ In 2011 I was honored with the Enigma Award for a lifetime contribution to IT security journalism. Contact me in confidence at davey@happygeek.com if you have a story to reveal or research to share.

Source: Samsung Galaxy S21 Hack, $1 Million Hackers, Pwn2Own, 61 Security Bugs

.

Related Contents:

“Samsung Galaxy Neo announced, headed to Korea”. GSMArena. 3 April 2011. Archived from the original on 22 May 2011. Retrieved 22 May 2011.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: