
Researchers find serious exploits in Samsung, Apple and Huawei phones

If you own an iPhone 7 or Galaxy S8, you may want to check for updates. This week, Zero Day Initiative (ZDI) hosted its annual Pwn2Own contest in Tokyo as researchers from around the world gathered to show exploits on the iPhone 7, Samsung S8, and Huawei Mate 9 Pro.

This year’s event yielded 32 different vulnerabilities and awarded $515,000 in payments to researchers.


iPhone


Qihoo 360 Security exposed a vulnerability where hackers could use Wi-Fi to execute code on an iPhone 7. They were also able to exploit Safari through a bug in the browser and one in system services.

Tencent Keen Security Lab exposed a troubling Wi-Fi exploit where hackers could use a series of bugs to gain execution and escalate privilege on the iPhone 7 to install a rogue app. The app remained on the device even after a restart. 

Fluorescence (Richard Zhu) exploited a bug in the iPhone 7’s Safari browser, along with an out-of-bounds bug, to escape the browser’s sandbox and execute code on the phone.

Samsung


MWR Labs exposed a serious vulnerability on the Samsung Galaxy S8. The researchers used 11 vulnerabilities across six different applications to execute code and pull data from the device. The number of bugs involved allowed the researchers to continue exploiting the phone even after a reboot.

Qihoo 360 Security used the Samsung Internet browser on the Galaxy S8 to run code and then leveraged a privilege escalation in a Samsung application that persisted through a device reboot.

Huawei


MWR Labs used a series of five bugs in different Huawei applications to escape the Google Chrome browser sandbox and remove data from a Huawei Mate 9 Pro.

Tencent Keen Security Lab used a Huawei Mate 9 Pro to showcase the most devastating vulnerability of the contest. The researchers were able to carry out a baseband attack on the device and execute code on the baseband processor. They were then able to modify the device’s International Mobile Equipment Identity (IMEI), something that could cause huge disruptions if it were done in the wild. This was the first baseband exploit ever submitted to ZDI.

Each year ZDI holds the Pwn2Own contest not only to show device exploits but also to give vendors an opportunity to fix them. Exploits are provided to vendors, who can put any questions they may have directly to the researchers. ZDI then gives the vendor 90 days to correct the issue. If the vendor is unable to or does not fix the issue, and does not provide a reasonable statement as to why the vulnerability is not fixed, ZDI publishes an advisory with additional details about the exploits in an effort to protect the public.

Steven Winkelman
Former Staff Writer, Mobile
Steven writes about technology, social practice, and books. At Digital Trends, he focuses primarily on mobile and wearables…