Cyber security exploitations happen all the time and it can happen to anyone if the right measures are not taken, meaning your devices can be a victim of hacking into sensitive documents and personal data costing you serious financial damage.
This is why security measures are set up into places to protect devices from cyber threats but sometimes it is not enough and people do manage to hack into your devices as technology allows people to find ways around it and this will all be explained further in this blog.
iPhone hacked and now Samsung
One of the biggest multinational technology companies; Apple was hacked a couple of weeks ago getting access into the iOS 15 as well as Apple iPhone 13 Pro. You can read more about this in this blog.
However, now Samsung has been targeted with their current flagship smartphone, the Galaxy S21 to feel the hacking heat.
Although this is very unfortunate, it is also not the first time that this has happened to the Galaxy S21. The hacking was done within a couple of days as the hackers were able to show a total of 61 unique zero-day security flaws across a range of products, in total bagging themselves an impressive $1,081,250 in the process.
How did it happen?
From the 16th to the 17th of October 2021, Chinese hackers taking part in the annual Tianfu Cup hacking challenge managed to bypass safari security protections and obtain code execution on an iPhone 13 Pro running the fully repaired iOS 15.0.2 at the time. Throughout this time another team of hackers went on to jailbreak to the same flagship device by way of a ‘one-click attack’.
The Chinese government banned the Tianfu Cup, which are elite hackers that take part in international competitive hacking events where zero-day exploits are proved. Zero-day exploits refer to the fact that the vendor or developer has only just learned of the flaw.
The most popular event in hacking is called Pwn2Own organized by Trend Micro’s Zero Day Initiative, ZDI, and held twice a year in North America and the latest Pwn2Own event was set in Austin, Texas on the 2nd to the 5th of November and this is where the second Samsung Galaxy S21 smartphone was hacked.
Successfully the STARlabs team on Wednesday 3rd of November managed to use an exploit chain to attack the Samsung Galaxy S21, this is officially described as a ‘collision’ rather than success at the attack chain included a vulnerability that was already recognised to Samsung relatively than being a full zero-day chain. Sam Thomas, director of research at Pentest Limited on 4th November managed to get the execution on the Samsung Galaxy S21 using a three-bug chain that made a full success label bringing in $50,000 cash prize to the Pentest Limited team, which was also, awarded $25,000 for their hacking efforts. The person who managed to hack was able to keep the devices concerned in what ZDI describe as getting to keep everything you won.
This is why it is very important to make sure you are protected as it can cost a lot of money to fix the damages created through cyber security threats. You can learn more about how to protect your devices in our Cyber security practical experience course.
The Pwn2Own compared to the Tianfu Cup
The Pwn2Own Austin was not as impressive as the Tianfu Cup as it lacked the wow factor and money. Combined with the Samsung Galaxy S21 smartphone, Pwn2Own also saw a Sonos One Speaker fall, which meant the Synacktiv team earned $60,000 but it was only printers and routers. Although, these are still valuable products too, the impacted vendor has 120 days before the methodologies are publicly disclosed, which allows users to be more secure.
Senior director of vulnerability Brian Gorenc, research and head of the ZDI program at Trend Micro explained why we did not see any of the new iPhone 13 range running iOS 15.1, or the hacker inspection for the Google Pixel 6.
He stated “When we announced the contest, we included the latest handsets available from each vendor,” because apple and google released new smartphones “these new models weren’t available to all of our researchers,” he clarifies, “so we continued with the hardware versions we initially announced.” As it is unfortunate to only see only the Samsung Galaxy S21 being put to the test, it has to be said.
Brian Gorenc also shared his views of the Tianfu Cup and how the withdrawal of the massively successful Chinese hacking teams had impacted Pwn2Own?
Brian Gorenc commented, “When Chinese teams withdrew from our competition, we did see an initial drop in participation, however, their exclusion has actually opened the door for other researchers.” Certainly, Pwn2Own was the main event “more than double the number of entries than we are used to seeing.” As well as “the lack of teams from China has allowed independent researchers and other teams to have their own success and grow the contest to heights we never expected.” Correctly, the discovery of no less than 61 unique zero-days would appear to be an indication of that.
In conclusion, even if you do experience cyber security breaches it is important to deal with the situation as quickly as possible before you lose full control. Gorenc says, concluding, “the goal is always to get these bugs fixed before they’re actively exploited by attackers.”
This demonstrates that if you do suspect any activity that does not seem normal, you should always act fast upon it as this can cause serious damage to your personal details. To find out ways to protect your devices you can read more in our previous blog here.