Samsung’s Galaxy S22 was hacked not once, not twice, but thrice at Toronto’s Pwn2Own event last week.
The Galaxy S22 was released in 2022 alongside Samsung’s flagship lineup. The devices are touted to have enterprise grade security protection through their Knox Platform, and are a part of the Android Enterprise Recommended Program. Additionally, the devices were fully patched when exploited. More details and replays can be found on daily results on Zero Day Initiative’s blog for the event. Of particular interest are the entries for the Day 1, Day 2, and Day 3 results.
According to Samsung’s Mobile Security Scope, they currently are eligible for monthly security patching (with fine print caveats) and according to the Android Enterprise Recommended program, they will be receiving security updates until February 2027. As Samsung states with their devices listed as having monthly updates in their fine print, they are “…subject to change as the regular support period expires. Also, some carriers may only support quarterly updates for applicable current models.” Samsung does not specify what the “regular support period” is, but from experience with unlocked devices in the United States, it can be anywhere from 1 to 2 years after which devices are shifted to quarterly patching. Additionally, devices locked to carriers sometimes don’t even allow current and timely patching period.
Of note, The Samsung Galaxy S22’s rivals from mobile device manufacturers such as Apple and Google were absent at this year’s event.