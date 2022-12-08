ContributorsPublishersAdvertisers
Tom's Guide

Hackers find two Samsung Galaxy S22 zero-days at Pwn2Own — what you need to know

By Malcolm McMillan
Tom's Guide
Tom's Guide
 5 days ago

https://img.particlenews.com/image.php?url=0MWNar_0jbxBpvG00

Samsung Galaxy S22 users woke up to an unpleasant surprise yesterday.

Hackers at the popular hacking event Pwn2Own in Toronto, Canada were able to find two zero-day exploits when attempting to hack a Galaxy S22 phone. As reported by Forbes , these attacks were improper input validation attacks which occur when an attacker inputs strange information into a normal user input field in order to break a system's functionality. The phones that were hacked werealso running  the latest updates and patches.

Often these attacks simply corrupt system performance, potentially rendering the system — in this case a Galaxy S22 phone — inoperable. In some cases, these attacks can even grant unauthorized access to an attacker, but that is less common.

Samsung Galaxy S22 hacks: What can you do?

https://img.particlenews.com/image.php?url=1v3VWn_0jbxBpvG00

(Image credit: Tero Vesalainen / Shutterstock)

There's some good news and bad news for owners of the Samsung Galaxy S22 lineup . The good news is that these hackers were attempting to find exploits in order to prevent future attacks. This is a relatively common practice and can typically involve a cash incentive for those attempting to exploit a system — as was the case here.

What this means is that Samsung now knows about these exploits and has the ability to fix them rather than malicious actors being able to break your phone unexpectedly. Given these zero-day hacks were previously unknown to Samsung, which is what the term “zero-day” means, these bug bounties are incredibly beneficial to both users and companies alike.

The bad news is that we don’t currently have a timeline for when these exploits will be fixed. Hopefully, the exploits themselves will never be revealed and they get quietly fixed in the background. But for now, we simply don’t know.

https://img.particlenews.com/image.php?url=3VBvjw_0jbxBpvG00

(Image credit: Future)

We did reach out to Samsung for comment and will update this article if we hear back from them. However, Samsung did provide the following statement to Forbes regarding the attacks, “Samsung takes security seriously and is committed to providing a safe and secure experience for our customers. We are working to further enhance the security of our devices by releasing a security patch within December. Meanwhile, we recommend users only download trusted applications and keep their devices updated with the latest software to ensure the highest level of protection possible.”

While new exploits is certainly not great news, the Samsung Galaxy S22 and its suped-up sibling the Samsung Galaxy S22 Ultra are still great phones. I personally use an S22 Ultra and while it took some time to get used to the size, it’s easily the best Android phone I’ve ever had. And this holiday season is a great time to get one at a discount, so make sure to check out our coverage of the latest Samsung Galaxy S22 deals if you’re in need of an upgrade.

Comments / 0

Related
BGR.com

These fake Android file manager apps steal banking logins

Android device owners beware — more malicious apps have been discovered on the Google Play store. Bitdefender’s cybersecurity team says several fake Android file manager apps are infecting Android devices with the SharkBot banking malware. These fake apps are no longer available on the store, but they might still be on your phone. Screenshots of the store pages show that thousands of Android users downloaded these malicious apps.
Reader's Digest

How to Make Your Phone (Nearly) Impossible to Track—and Keep Personal Information Safe

Let’s face it: At best, most of us are reliant on our phones these days. (At worst, we’re downright addicted.) But do you ever consider the things your smartphone knows about you? You may know how to tell if your computer has been hacked and what hackers can do with your cell phone number, but are you clued in to common smartphone security threats and data-tracking measures? Knowing the risks may have you wondering how to make your phone impossible to track.
Android Headlines

How to transfer WhatsApp to new phone without losing data

If you have recently decided to purchase a new phone and are worried about how to transfer WhatsApp to a new phone, we have got you covered. In this article, we will share different ways that you can try to transfer WhatsApp from one device to another. Continue reading the article for more information.
Phone Arena

It's not you, Google Photos is set to become worse at estimating your photo locations

Google Photos is set to become way less adept at approximate geolocation. Google says that Photos is about to stop using your account-wide Location History to determine where specific shots were taken, provided that you opted out of the camera app using your location data due to privacy concerns. Up...
Ars Technica

Samsung’s Android app-signing key has leaked, is being used to sign malware

A developer's cryptographic signing key is one of the major linchpins of Android security. Any time Android updates an app, the signing key of the old app on your phone needs to match the key of the update you're installing. The matching keys ensure the update actually comes from the company that originally made your app and isn't some malicious hijacking plot. If a developer's signing key got leaked, anyone could distribute malicious app updates and Android would happily install them, thinking they are legit.
CNET

Your Home Security Cameras Can Be Hacked. Here's How to Prevent It

This story is part of Home Tips, CNET's collection of practical advice for getting the most out of your home, inside and out. Installing an internet-connected security camera in your house won't necessarily bring a wave of hackers to your Wi-Fi network -- but it also has happened before. For...
TechRadar

Web skimming hackers infiltrate over 40 ecommerce websites - that we know of

A new set of web skimming attacks have been discovered by JavaScript monitoring company Jscrambler, including attacks using methods that are reportedly unrecognizable. In a blog post (opens in new tab), the company outlined how it detected a web skimming attack on a discounted web marketing and analytics service occurred through the acquisition of its domain name (Cockpit). The domain name has not been in use since 2014.
TechRadar

Microsoft is reportedly planning a one-stop 'super app' for all your needs

Microsoft is reportedly considering turning its attention to an all-in-one “super app” that would see it challenging Apple and Google’s dominance in the mobile search space. According to reports by The Information (opens in new tab), the app could combine shopping, messaging, web search, and news feeds,...
ZDNet

Hackers are still finding - and using - flaws in Internet Explorer

Google has filled in the blanks about a curious zero-day flaw that Microsoft addressed in its November Patch Tuesday. The remote code execution flaw, tracked as CVE-2022-41128, was in one of its Windows JavaScript scripting languages, JScript9 – the JavaScript engine used in IE 11. The bug affected Windows 7 through to Windows 11, as well as Windows Server 2008 through 2022.
Android Police

Microsoft plots superpowered Bing app to break the dominance of Apple and Google

Readers like you help support Android Police. When you make a purchase using links on our site, we may earn an affiliate commission. Read More. Microsoft unceremoniously flopped out of the mobile ecosystem wars in late 2019 with the death of Windows Mobile. The company has tried to make up for it by offering its services on the platforms it tried to compete against while also embracing a number of integrations with Android. Still, it seems the company has ambitions to give customers of Apple and Google another compelling choice for online search, shopping, payments, and a lot more. Microsoft could do so by turning to a strategy that's seen success in Asia.
Cult of Mac

Apple vastly expands iCloud data encryption with 3 security updates

Apple said Wednesday users are gaining three new security features to protect their data in the cloud, with some available now and some to come. The overall program is called Advanced Data Protection. The three new functions to help keep data and communications safe are iMessage Contact Key Verification, Security...
Tom's Guide

Tom's Guide

New York City, NY
475K+
Followers
23K+
Post
13M+
Views
ABOUT

Putting consumer goals and ambitions first, providing the information and tools to help everyone find great products easily and solving problems when they arise, Tom’s Guide is the destination for all things consumer tech and beyond.

 https://www.tomsguide.com

Comments / 0

Community Policy