Skip to main content
  1. Home
  2. Mobile
  3. News

Researchers find serious exploits in Samsung, Apple and Huawei phones

By

If you own an iPhone 7 or Galaxy S8, you may want to check for updates. This week, Zero Day Initiative (ZDI) hosted its annual Pwn2Own contest in Tokyo as researchers from around the world gathered to show exploits on the iPhone 7, Samsung S8, and Huawei Mate 9 Pro.

This year’s event yielded 32 different vulnerabilities and awarded $515,000 in payments to researchers.

Recommended Videos

iPhone

iPhone X v iPhone 6S opinion 6s in hand
Image used with permission by copyright holder

Qihoo 360 Security exposed a vulnerability where hackers could use Wi-Fi to execute code on an iPhone 7. They also were able to exploit Safari through a bug in the browser and one in system services.

Please enable Javascript to view this content

Tencent Keen Security Lab exposed a troubling Wi-Fi exploit where hackers could use a series of bugs to gain execution and escalate privilege on the iPhone 7 to install a rogue app. The app remained on the device even after a restart. 

Fluorescence (Richard Zhu) exploited a bug in the iPhone 7’s Safari browser with an out-of-bounds bug to escape the browser’s sandbox and execute code on the phone.

Samsung

Image used with permission by copyright holder

MWR Labs exposed a serious vulnerability on the Samsung Galaxy S8. The researchers used 11 vulnerabilities across six different applications to execute code and pull data from the device. This magnitude of bugs allowed the researchers to continue exploiting the phone even after a reboot.

Qihoo 360 Security used the Samsung internet browser on the Galaxy S8 to run code and then leveraged a privilege escalation in a Samsung application that persisted through a device reboot.

Huawei

Huawei Mate 9 review Huawei Mate 10
Andy Boxall/Digital Trends
Andy Boxall/Digital Trends

MWR Labs used a series of five bugs in different Huawei applications to escape the Google Chrome browser sandbox and remove data from a Huawei Mate 9 Pro.

Tencent Keen Security used a Huawei Mate 9 Pro to showcase the most devastating vulnerability during the contest. The researchers were able to execute a baseband attack on the device and execute code on the broadband processor.  They were then able to modify the device’s International Mobile Equipment Identity (IMEI), something that could cause huge disruptions if it was done in the wild.  This was the first broadband exploit ever submitted to ZDI.

Each year ZDI holds the Pwn2Own contest not only to show device exploits but to give vendors an opportunity to fix them. Exploits are provided to vendors, which are able to ask researchers directly any questions they may have. ZDI then gives the vendor 90 days to correct the issue. If the vendor is unable or does not fix the issue or provide a reasonable statement as to why the vulnerability is not fixed, ZDI publishes an advisory with additional details about the exploits in an effort to protect the public.

Editors’ Recommendations

Topics
Steven Winkelman
Steven Winkelman
Former Digital Trends Contributor
Steven writes about technology, social practice, and books. At Digital Trends, he focuses primarily on mobile and wearables…
Apple iPhone 16e pre-orders have begun, so grab yours now
Side view of the iPhone 16e camera lens

Apple has started taking pre-orders for its latest smartphone, the iPhone 16e, in the U.S. and elsewhere. The rather divisive budget-focused smartphone from Apple is a major evolution over the now-defunct iPhone SE and sits underneath the mainline iPhones with a bunch of similarities and some serious feature-trimmings, as well.

It starts at $599 in the U.S. for the 128GB storage variant, while the 256GB and 512GB variants will have you parting ways with $699 and $899, respectively.

Read more
It’s time for Apple, Samsung and Google to solve the eSIM problem
Nano SIM card in SIM card tray from iPhone 14 Pro Max.

When Apple launched the new iPhone 16e on Wednesday, the Apple Store in every region displayed one thing under connectivity: eSIM. There was no mention of a physical SIM, and I had a waking nightmare that Apple had quietly pulled the plug, and every iPhone 16e globally would be sold as an eSIM-only model.

A quick search — and a look at the photos — confirmed that this hadn’t happened, but my reaction kickstarted a thought about eSIMs, their promise (and what we were promised), and the current state of eSIMs globally. I’ve been traveling for the past month, and eSIMs are an absolute mess. The potential was immense, but it goes against carriers’ interests to make it any easier, but there is a solution.

Read more
Own an Android? It looks like you may buy an iPhone next
The iPhone 16 Pro and the Galaxy S25 Plus held in the hand together

In a recent survey of iPhone owners, 48% of those now wielding Apple’s smartphone had previously owned an Android phone. The data comes from an extensive report using information gathered from 4,000 individuals by analysts at Counterpoint Research, and shows despite the challenges those who switch from Android to iOS (or vice versa) often face, it didn’t put almost half of current iPhone owners off.

The research then states it’s Samsung and Google suffering the most when someone decides it’s time to buy an iPhone, to the point the paper warns Samsung may see a marked fall in S-series ownership over the next two years if the trend continues. It’s added that Samsung, along with brands like OnePlus and China’s market leader Vivo, are using AI and flagship specifications to differentiate devices, in an effort to entice and retain buyers.

Read more