At the Pwn2Own Ireland 2025 cybersecurity competition, researchers Ben R. and Georgi G. from Interrupt Labs demonstrated a significant security flaw in the Samsung Galaxy S25. They successfully exploited a previously unknown zero-day vulnerability, granting them full control over the device. This control enabled them to remotely activate the smartphone’s camera and monitor the user’s location without any user interaction.
The exploit was unveiled on the final day of the event, underscoring persistent security challenges in flagship Android devices, even those subjected to rigorous testing by manufacturers. This incident highlights the critical role of ethical hacking competitions in identifying and responsibly disclosing vulnerabilities to enhance global device security.
Technical Details of the Exploit
The core issue exploited by the Interrupt Labs team was an improper input validation bug within the Galaxy S25’s software stack. This flaw allowed attackers to bypass existing security measures and execute arbitrary code remotely. By crafting specific malicious inputs, the researchers demonstrated how an adversary could silently hijack the device without any user interaction. This technique effectively evaded Samsung’s defenses during the live contest.
This previously undisclosed vulnerability enabled persistent access to the device, transforming the premium smartphone into a potential surveillance tool. Attackers could capture photos, record videos, and access real-time GPS data, all without the user’s knowledge.
Experts note that such flaws often arise in multimedia or system libraries, where rapid feature development can outpace security hardening. This incident serves as a reminder of the importance of thorough security assessments in the development process.
Recognition and Rewards
For their sophisticated exploit chain, Ben R. and Georgi G. were awarded $50,000 in prize money and earned 5 Master of Pwn points. Their contribution was part of the event’s substantial $2 million total payout, which covered 73 unique zero-day vulnerabilities.
Pwn2Own, organized by the Zero Day Initiative, incentivizes participants to responsibly disclose security flaws. This approach ensures that vendors like Samsung receive detailed reports, allowing them to develop and deploy patches to protect users.
Samsung’s Response and User Recommendations
As of now, Samsung has not issued a specific statement regarding this Galaxy S25 exploit. However, based on historical patterns, it is anticipated that a security update will be released promptly to address this vulnerability, similar to recent fixes for other Android zero-day issues.
Users are strongly advised to enable automatic updates on their devices and monitor official Samsung channels for forthcoming patches. Unaddressed vulnerabilities of this nature could expose sensitive personal data to real-world attacks, emphasizing the importance of timely software updates.
Broader Implications
This incident is not isolated. In recent times, several zero-day vulnerabilities have been identified and exploited across various Android devices. For instance, Samsung’s September 2025 security update addressed a critical zero-day vulnerability (CVE-2025-21043) in the `libimagecodec.quram.so` library, which was actively exploited in the wild. This flaw affected devices running Android versions 13 through 16 and could allow remote code execution if a user processed a specially crafted image.
Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding a zero-day vulnerability (CVE-2025-48543) in the Android operating system. This use-after-free vulnerability within the Android Runtime (ART) could enable attackers to gain elevated control over affected devices.
These incidents highlight the ongoing challenges in mobile device security and the critical importance of prompt security updates. Users are encouraged to stay vigilant, apply updates as soon as they become available, and follow best practices for device security to mitigate potential risks.
