Skip to main content
  1. Home
  2. Mobile
  3. News

Researchers find serious exploits in Samsung, Apple and Huawei phones

By

galaxy note 8 vs. galaxy note 7 software
Image used with permission by copyright holder
If you own an iPhone 7 or Galaxy S8, you may want to check for updates. This week, Zero Day Initiative (ZDI) hosted its annual Pwn2Own contest in Tokyo as researchers from around the world gathered to show exploits on the iPhone 7, Samsung S8, and Huawei Mate 9 Pro.

This year’s event yielded 32 different vulnerabilities and awarded $515,000 in payments to researchers.

Recommended Videos

iPhone

iPhone X v iPhone 6S opinion 6s in hand
Image used with permission by copyright holder

Qihoo 360 Security exposed a vulnerability where hackers could use Wi-Fi to execute code on an iPhone 7. They also were able to exploit Safari through a bug in the browser and one in system services.

Please enable Javascript to view this content

Tencent Keen Security Lab exposed a troubling Wi-Fi exploit where hackers could use a series of bugs to gain execution and escalate privilege on the iPhone 7 to install a rogue app. The app remained on the device even after a restart. 

Fluorescence (Richard Zhu) exploited a bug in the iPhone 7’s Safari browser with an out-of-bounds bug to escape the browser’s sandbox and execute code on the phone.

Samsung

Image used with permission by copyright holder

MWR Labs exposed a serious vulnerability on the Samsung Galaxy S8. The researchers used 11 vulnerabilities across six different applications to execute code and pull data from the device. This magnitude of bugs allowed the researchers to continue exploiting the phone even after a reboot.

Qihoo 360 Security used the Samsung internet browser on the Galaxy S8 to run code and then leveraged a privilege escalation in a Samsung application that persisted through a device reboot.

Huawei

Huawei Mate 9 review Huawei Mate 10
Andy Boxall/Digital Trends
Andy Boxall/Digital Trends

MWR Labs used a series of five bugs in different Huawei applications to escape the Google Chrome browser sandbox and remove data from a Huawei Mate 9 Pro.

Tencent Keen Security used a Huawei Mate 9 Pro to showcase the most devastating vulnerability during the contest. The researchers were able to execute a baseband attack on the device and execute code on the broadband processor.  They were then able to modify the device’s International Mobile Equipment Identity (IMEI), something that could cause huge disruptions if it was done in the wild.  This was the first broadband exploit ever submitted to ZDI.

Each year ZDI holds the Pwn2Own contest not only to show device exploits but to give vendors an opportunity to fix them. Exploits are provided to vendors, which are able to ask researchers directly any questions they may have. ZDI then gives the vendor 90 days to correct the issue. If the vendor is unable or does not fix the issue or provide a reasonable statement as to why the vulnerability is not fixed, ZDI publishes an advisory with additional details about the exploits in an effort to protect the public.

Editors’ Recommendations

Topics
Steven Winkelman
Steven Winkelman
Former Digital Trends Contributor
Steven writes about technology, social practice, and books. At Digital Trends, he focuses primarily on mobile and wearables…
Apple hopes foldable and thinner iPhones will boost sales
A render of the iPhone Air.

Apple's iPhone sales have declined in recent years, primarily because the company has focused more on software updates than hardware improvements. However, Apple hopes this trend will change next year, as it plans to introduce new handsets with significant design upgrades.

There has been considerable discussion recently about the upcoming "iPhone 17 Air," which is anticipated to be the thinnest iPhone ever made. It is expected to be released in September alongside the rest of the iPhone 17 lineup.

Read more
Some iPhone users report overheating when using Apple Intelligence
The Nomad Magnetic Leather Back on the iPhone 16 Pro Max

After a long wait, iOS 18.2 has finally rolled out to the public at large and unlocked more Apple Intelligence features like Image Playground, Genmoji, and an upgraded Mail app. It might have also introduced a way to keep your hands warm on these frosty winter days, according to some users.

Reddit user u/dsdxp posted on the iPhone subreddit that they had unlocked a secret feature in the iPhone 16 Pro. The comment was obviously sardonic, but many other users responded with their own stories of troubling temperatures from their iPhones. The common element between all of the stories was the Image Playground app and the excessive heat it creates while in use.

Read more
Apple is about to stop selling multiple iPhones in Europe. Here’s why
The iPhone 14 Plus held in a man's hand.

The iPhone SE and iPhone 14 series will no longer be available for purchase in Europe at the end of the year. In an effort to make technology more consumer-friendly, the European Union ruled that any mobile device sold must be able to charge through USB-C, according to iGeneration. While more modern entries in Apple's lineup already meet those guidelines, the iPhone SE and iPhone 14 do not.

These aren't the newest additions to Apple's lineup, but the iPhone SE and the iPhone 14 series are still sold in Europe. These will be pulled from shelves as the deadline approaches. Customers have plenty of options, but this decision will leave the European market without an iPhone SE option until the next model releases in 2025.

Read more