At Pwn2Own Ireland 2025, cybersecurity researchers Ben R. and Georgi G. from Interrupt Labs achieved a significant breakthrough by successfully exploiting a zero-day vulnerability in the Samsung Galaxy S25.
The exploit demonstrated how attackers could remotely activate the device’s camera, track real-time location, and gain complete control without the user’s knowledge.
This achievement highlights critical security gaps that persist in modern flagship Android smartphones, even after extensive manufacturer testing.
Understanding the Vulnerability
The core issue stemmed from improper input validation within the Galaxy S25’s software stack.
By crafting malicious inputs, the researchers bypassed Samsung’s security safeguards and executed arbitrary code remotely.
The vulnerability allowed attackers to gain persistent access to the device without requiring any user interaction, effectively turning the premium smartphone into a surveillance tool.
Such flaws commonly exist in multimedia or system libraries, where rapid feature development often outpaces security hardening efforts.
The researchers’ exploit chain proved sophisticated enough to evade Samsung’s defenses during the live competition, demonstrating that even devices subjected to rigorous quality assurance testing remain vulnerable to determined attackers.
The vulnerability was previously undisclosed to the public and Samsung alike before the event’s official revelation.
High-Stakes Ethical Hacking and Responsible Disclosure
For their impressive work, Ben R. and Georgi G. earned $50,000 in prize money along with 5 Master of Pwn points.
Pwn2Own Ireland 2025 distributed approximately $2 million across 73 unique zero-days, making it one of the year’s most significant cybersecurity events.
Organized by the Zero Day Initiative, these competitions serve an essential purpose: they reward researchers for responsibly disclosing vulnerabilities to manufacturers rather than selling them to malicious actors on the dark web.
Samsung received detailed technical reports on the exploit through the responsible disclosure process, enabling the company to develop patches without delay.
This approach protects millions of users by ensuring vulnerabilities are fixed before criminals can exploit them in the wild.
Samsung has not yet issued a specific public statement regarding this particular Galaxy S25 exploit, though historical patterns suggest an imminent security update will address it.
Given the potential severity of a vulnerability allowing camera activation and location tracking, users should prioritize security by enabling automatic updates and monitoring Samsung’s official channels for patches.
The exploit underscores why keeping mobile devices updated remains critically important.
Real-world attackers could leverage such flaws to compromise sensitive personal data, capture private moments, or track individuals’ movements.
Until Samsung releases a patch, users should exercise caution with untrusted applications and avoid connecting to suspicious networks.
This vulnerability represents another reminder that even premium devices from major manufacturers require constant vigilance and timely security updates to maintain user privacy and security in an increasingly hostile threat landscape.
Cyber Awareness Month Offer: Upskill With 100+ Premium Cybersecurity Courses From EHA's Diamond Membership: Join Today
%20(1).webp?resize=1600,900&ssl=1&description=The exploit demonstrated how attackers could remotely activate the device's camera, track real-time location, and gain complete control without the user's knowledge.){kind=link}