Security News

Contestants hacked the Samsung Galaxy S21 smartphone during the second day of the Pwn2Own Austin 2021 competition, as well as routers, NAS devices, speakers, and printers from Cisco, TP-Link, Western Digital, Sonos, Canon, Lexmark, and HP. So far, Trend Micro's Zero Day Initiative has awarded $777,500 over the first two days of Pwn2Own Austin, with $415,000 awarded during the second day and $362,500 won during the first day. The Synacktiv team maintains a slight lead in the Master of Pwn standings with 15 Master of Pwn points and $150,000 won so far, one point ahead of the DEVCORE team that has 14 points and has earned $140,000.

Researchers have discovered 19 mobile apps carrying rooting malware on official and third-party Android app stores, including Google Play and Samsung Galaxy Store. "By using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant themselves dangerous permissions or install additional malware - steps that would normally require user interaction. Elevated privileges also give the malware access to other apps' sensitive data, something not possible under normal circumstances."

An Elasticsearch server holding personal data of 6 million players of the popular mobile game Battle for the Galaxy was discovered insecure and containing over 1 terabyte of unencrypted data, meaning anyone with a link could access data stored on the repository. Battle for the Galaxy is available for Android and iOS devices, via the Steam gaming platform and also through the game publisher's browser-based version of the game.

A Reg reader recreated this scene in real life using his Samsung Galaxy A20 phone - and the severed tip of his index finger, parted from his hand thanks to an industrial accident involving a crane. "I extracted from its grave of medicinal alcohol, dried it off and... eureka! ... managed to register my dead finger on my phone."

In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. In it, he noted [PDF] that in three years, the optimal cost per component on a chip had dropped by a factor of 10, while the optimal number had increased by the same factor, from 10 to 100.

Viasat announced its Mobile Dynamic Defense cybersecurity software is now available for the new Samsung Galaxy S20 Tactical Edition solution. The Viasat MDD platform will ensure sensitive Department of Defense, U.S. federal government and international Five Eye allied forces information, hosted on the Samsung Galaxy S20 TE device, is continually monitored and protected from compromise-even if the device is disconnected from the military or government operations center.

Four critical-severity flaws were recently disclosed in the Find My Mobile feature of Samsung Galaxy smartphones, which if exploited could allow attackers to force a factory reset on the phones or spy on users. Researchers have disclosed a slew of critical-severity, patched flaws in flagship Samsung smartphones - including the Galaxy S7, S8 and S9 models.

A series of vulnerabilities affecting Samsung's Find My Mobile could have been chained to perform various types of activities on a compromised smartphone, a researcher from Portugal-based cybersecurity services provider Char49 revealed at the DEF CON conference on Friday. Find My Mobile is designed to help users find lost Samsung phones.

The Samsung Galaxy S20 will be the first and only device on the market to feature Thales' technological breakthrough - the world's first smartphones featuring a secure single-chip solution to support both mobile connectivity and trusted contactless services. Galaxy S20 users will be able to enjoy seamless mobile connectivity and contactless applications such as payments, transit ticketing and digital ID in compliance with the relevant industrial specifications.

Samsung will launch a new standalone turnkey security chip to protect mobile devices, the company announced today. The chip, which has the said-once-never-forgotten name "S3FV9RR" - aka the Mobile SE Guardian 4 - is a follow-up to the dedicated security silicon baked into the Galaxy S20 smartphone series launched in February 2020.