At Pwn2Own Ireland 2024 (sometimes referred to as Mobile Pwn2Own 2024), there were 61 entries targeting...IoT devices and printers. No wonder "mobile" is not in the event's title anymore. Thankfully, there was still 1 entry that targeted, and successfully pwned, the Samsung Galaxy S24. And now that the issues are patched, it is time to disclose those technical details!
The full exploit chain consisted of five different issues across several different applications, resulting in the ability to install arbitrary APKs. This talk will discuss the bugs that were discovered, how they were chained together, and the issues encountered while developing the Pwn2Own entry.
There are no stories about vendors being lame this year. Just pure technical details about the bugs, and how a ""Path Traversal"" issue ended up being the most interesting bug in the entire exploit chain.
Ken is a security consultant with 10+ years of experience under his belt. His primary focus is researching Android OS and application vulnerabilities, and using that research to exploit Android phones at Mobile Pwn2Own. He is also known for being really REALLY loud when his exploits work (sorry ahead of time if he gets loud and excited during his talk).
