Skip to main content

Researchers find serious exploits in Samsung, Apple and Huawei phones

galaxy note 8 vs. galaxy note 7 software
Image used with permission by copyright holder
If you own an iPhone 7 or Galaxy S8, you may want to check for updates. This week, Zero Day Initiative (ZDI) hosted its annual Pwn2Own contest in Tokyo as researchers from around the world gathered to show exploits on the iPhone 7, Samsung S8, and Huawei Mate 9 Pro.

This year’s event yielded 32 different vulnerabilities and awarded $515,000 in payments to researchers.


iPhone X v iPhone 6S opinion 6s in hand
Image used with permission by copyright holder

Qihoo 360 Security exposed a vulnerability where hackers could use Wi-Fi to execute code on an iPhone 7. They also were able to exploit Safari through a bug in the browser and one in system services.

Tencent Keen Security Lab exposed a troubling Wi-Fi exploit where hackers could use a series of bugs to gain execution and escalate privilege on the iPhone 7 to install a rogue app. The app remained on the device even after a restart. 

Fluorescence (Richard Zhu) exploited a bug in the iPhone 7’s Safari browser with an out-of-bounds bug to escape the browser’s sandbox and execute code on the phone.


Image used with permission by copyright holder

MWR Labs exposed a serious vulnerability on the Samsung Galaxy S8. The researchers used 11 vulnerabilities across six different applications to execute code and pull data from the device. This magnitude of bugs allowed the researchers to continue exploiting the phone even after a reboot.

Qihoo 360 Security used the Samsung internet browser on the Galaxy S8 to run code and then leveraged a privilege escalation in a Samsung application that persisted through a device reboot.


Huawei Mate 9 review Huawei Mate 10
Andy Boxall/Digital Trends
Andy Boxall/Digital Trends

MWR Labs used a series of five bugs in different Huawei applications to escape the Google Chrome browser sandbox and remove data from a Huawei Mate 9 Pro.

Tencent Keen Security used a Huawei Mate 9 Pro to showcase the most devastating vulnerability during the contest. The researchers were able to execute a baseband attack on the device and execute code on the broadband processor.  They were then able to modify the device’s International Mobile Equipment Identity (IMEI), something that could cause huge disruptions if it was done in the wild.  This was the first broadband exploit ever submitted to ZDI.

Each year ZDI holds the Pwn2Own contest not only to show device exploits but to give vendors an opportunity to fix them. Exploits are provided to vendors, which are able to ask researchers directly any questions they may have. ZDI then gives the vendor 90 days to correct the issue. If the vendor is unable or does not fix the issue or provide a reasonable statement as to why the vulnerability is not fixed, ZDI publishes an advisory with additional details about the exploits in an effort to protect the public.

Editors' Recommendations

Steven Winkelman
Former Digital Trends Contributor
Steven writes about technology, social practice, and books. At Digital Trends, he focuses primarily on mobile and wearables…
One of our favorite Android phones just got its own iMessage app
Nothing Chats app on a. phone.

Nothing is trying to bridge the great blue/green bubble divide for Android users of iMessage. This is not a personal crusade to shatter walls and open windows, as much as Nothing CEO Carl Pei would want you to believe that. Instead, Nothing is piggybacking on tech created by New York-based startup Sunbird. 
Technically, the Sunbird app can be installed on any Android phone and it features a blue bubble for all iMessage text exchanges involving an Android phone. No more green bubble shame that could get you kicked out of groups for disrupting the harmony or even slim your dating chances. That’s how bad it is! 
Nothing is adopting the Sunbird tech and bundling it as its very own app under the name Nothing Chats. But here’s the fun part. The app only works on the Nothing Phone 2 and not the Nothing Phone 1. And this life-altering boon will only be bestowed upon users in the U.S., Canada, the U.K., or the EU bloc.

The app is currently in the beta phase, which means some iMessage features will be broken or absent. Once the app is downloaded on your Nothing Phone 2, you can create a new account or sign up with your Apple ID to get going with blue bubble texts. 
Just in case you’re concerned, all messages will be end-to-end encrypted, and the app doesn’t collect any personal information, such as the users’ geographic location or the texts exchanged. Right now, Sunbird and Nothing have not detailed the iMessage features and those that are broken. 
We made iMessage for Android...
The Washington Post tried an early version of the Nothing Chats app and notes that the blue bubble system works just fine. Texts between an Android device and an iPhone are neatly arranged in a thread, and multimedia exchange is also allowed at full quality. 
However, message editing is apparently not available, and a double-tap gesture for responding with a quick emoji doesn’t work either. We don’t know when these features will be added. Nothing's Sunbird-based app will expand to other territories soon. 
Sunbird, however, offers a handful of other tricks aside from serving the iMessage blue bubble on Android. It also brings all your other messaging apps, such as WhatsApp and Instagram, in one place. This isn’t an original formula, as Beeper offers the same convenience.

Read more
Can an Android phone replace my iPhone? I found out
Galaxy S23 FE next to a iPhone 15 Pro Max.

As an avid Apple fan, I was surprised when I received the Samsung Galaxy Tab S9 FE for review and found myself loving it. Could Samsung continue to impress me? That's what I wanted to find out when I received the Galaxy S23 FE. This "fan edition" smartphone, which we just ran through its paces in our Samsung Galaxy S23 FE review, offers many of the same features as the other Galaxy S23 models, but at a slightly lower price.

My handset of choice has always been the latest iPhone Pro. This usually means purchasing the Pro Max model, which I did again this year with the iPhone 15 Pro Max. I didn't expect the Galaxy S23 FE to match up to my new iPhone, as the Apple device is double the price and offers much better specs.

Read more
Samsung just killed one of its most important Android phones
Galaxy Fold open.

Today marks a milestone in the era of foldable smartphones as Samsung officially puts its legendary first-generation Galaxy Fold out to pasture.

After four years on the market, the original Galaxy Fold will no longer receive regular security updates. To be fair, the first Fold was already living on borrowed time, as it was left out of last year’s Android 13 update. However, when Samsung launched the expensive foldable, it promised a full four years of security updates for the device.

Read more