Skip to main content
  1. Home
  2. Mobile
  3. News

Researchers find serious exploits in Samsung, Apple and Huawei phones

By

galaxy note 8 vs. galaxy note 7 software
Image used with permission by copyright holder
If you own an iPhone 7 or Galaxy S8, you may want to check for updates. This week, Zero Day Initiative (ZDI) hosted its annual Pwn2Own contest in Tokyo as researchers from around the world gathered to show exploits on the iPhone 7, Samsung S8, and Huawei Mate 9 Pro.

This year’s event yielded 32 different vulnerabilities and awarded $515,000 in payments to researchers.

Recommended Videos

iPhone

iPhone X v iPhone 6S opinion 6s in hand
Image used with permission by copyright holder

Qihoo 360 Security exposed a vulnerability where hackers could use Wi-Fi to execute code on an iPhone 7. They also were able to exploit Safari through a bug in the browser and one in system services.

Related

Tencent Keen Security Lab exposed a troubling Wi-Fi exploit where hackers could use a series of bugs to gain execution and escalate privilege on the iPhone 7 to install a rogue app. The app remained on the device even after a restart. 

Fluorescence (Richard Zhu) exploited a bug in the iPhone 7’s Safari browser with an out-of-bounds bug to escape the browser’s sandbox and execute code on the phone.

Samsung

Image used with permission by copyright holder

MWR Labs exposed a serious vulnerability on the Samsung Galaxy S8. The researchers used 11 vulnerabilities across six different applications to execute code and pull data from the device. This magnitude of bugs allowed the researchers to continue exploiting the phone even after a reboot.

Qihoo 360 Security used the Samsung internet browser on the Galaxy S8 to run code and then leveraged a privilege escalation in a Samsung application that persisted through a device reboot.

Huawei

Huawei Mate 9 review Huawei Mate 10
Andy Boxall/Digital Trends
Andy Boxall/Digital Trends

MWR Labs used a series of five bugs in different Huawei applications to escape the Google Chrome browser sandbox and remove data from a Huawei Mate 9 Pro.

Tencent Keen Security used a Huawei Mate 9 Pro to showcase the most devastating vulnerability during the contest. The researchers were able to execute a baseband attack on the device and execute code on the broadband processor.  They were then able to modify the device’s International Mobile Equipment Identity (IMEI), something that could cause huge disruptions if it was done in the wild.  This was the first broadband exploit ever submitted to ZDI.

Each year ZDI holds the Pwn2Own contest not only to show device exploits but to give vendors an opportunity to fix them. Exploits are provided to vendors, which are able to ask researchers directly any questions they may have. ZDI then gives the vendor 90 days to correct the issue. If the vendor is unable or does not fix the issue or provide a reasonable statement as to why the vulnerability is not fixed, ZDI publishes an advisory with additional details about the exploits in an effort to protect the public.

Editors' Recommendations

Topics
Steven Winkelman
Steven Winkelman
Former Digital Trends Contributor
Steven writes about technology, social practice, and books. At Digital Trends, he focuses primarily on mobile and wearables…
iPhone not holding charge? How to replace an iPhone battery
How-to-replace-iPhone-battery-feature-image

When smartphones were in their infancy, battery packs were easy to replace. Most products let users open a flap on the back of the device to easily remove the battery, giving them a quick way to ditch a dead battery and install a new one. Fast forward to 2024, and that's a rarity. Replacing batteries is much more difficult today than it was a decade ago, and that's especially true for all iPhone models.

Whether you're working with the new iPhone 15 or an old iPhone 12, you can't just run out to the store and snag a new battery for your smartphone. Instead, you'll need to contact Apple directly or go through elaborate workarounds to install the battery yourself.

Read more
5 phones you should buy instead of the iPhone 15 Pro
iPhone 15 Pro in Natural Titanium held in hand in front of a wooden gate.

Apple’s iPhone 15 Pro is what we consider one of the best iPhones that you can buy right now. It offers most of the latest cutting-edge tech from Apple, including the powerful new A17 Pro chip, an improved camera system, a beautiful ProMotion display, a titanium body, the new Action button, and USB-C. It’s Apple’s most premium phone but in a compact size.

But if you’re in the market for a new phone, you should know there are other options, too. You don’t necessarily need the latest and greatest from Apple, especially if you’re not truly vested in its ecosystem.

Read more
Hands-on with the Belkin iPhone Mount with MagSafe for Apple TV 4K
The Belkin iPhone Mount with MagSafe for Apple TV 4K.

The Belkin iPhone Mount with MagSafe for Apple TV 4K perched atop an extremely thin OLED television. Phil Nickinson / Digital Trends

The Belkin iPhone Mount with MagSafe for Apple TV 4K is one mouthful of an official name. What it does is much more simple. It is a mount for your iPhone to be used with an Apple TV 4K. And it has MagSafe to keep the phone in place. That's it.

Read more