A zero-day is a vulnerability in a computer system that was previously unknown to its developers or anyone capable of mitigating it (via Wikipedia). Through its Pwn2Own event, the Zero Day Initiative encourages security researchers to report zero-day vulnerabilities privately to vendors. Cash rewards are at stake.
On the first day of the ongoing Pwn2Own 2023 Toronto event, researchers were able to exploit two zero-days affecting the Galaxy S23 and two zero-days on the Xiaomi 13 Pro. Once again, these exploits were previously unknown to Samsung, Google (and Xiaomi), or anyone able to patch them.
According to the Zero Day Initiative blog, Star Labs SG was able to exploit a permissive list of allowed inputs on the Galaxy S23. For discovering and demonstrating this zero-day, they earned $25,000 and 5 Master of Pwn points.
The bigger prize of $50,000 and 5 Master of Pwn points went to Pentest Limited for exploiting an Improper Input Validation vulnerability on the Galaxy S23.
These newly discovered vulnerabilities will likely be addressed in future security patches, and the exploit methods will be kept secret until then.
Security researchers have also found zero-days in the Xiaomi 13 Pro. Team Viettel earned $40,000 for executing a single-bug attack against the Xiaomi 13 Pro, and NCC Group earned $20,000 by demonstrating a zero-day on the same device.
All of this happened on the first day of the Pwn2Own 2023 Toronto event. There is a high probability that even more zero-days will be demonstrated before the event ends on October 27. We'll keep you posted.
Mihai is a blogger and column writer at SamMobile. His first Samsung phone was an A800 which took a lot of beating, and a part of him still misses the novelty of the clamshell design. In his free time, he enjoys watching shows, documentaries, and stand-up comedy; listening to music, taking walks, and occasionally playing old(er) video games.