A critical zero-day vulnerability in Samsung’s flagship Galaxy S25 smartphone was successfully exploited at Pwn2Own Ireland 2025, demonstrating how attackers could silently activate the device’s camera and track a user’s real-time location.
Security researchers Ben R. and Georgi G. from Interrupt Labs revealed the sophisticated exploit during the competition’s final day, earning $50,000 in prize money and valuable recognition in the cybersecurity community.
The Vulnerability and the Breakthrough
The core issue stems from improper input validation within the Galaxy S25’s software stack. By carefully crafting malicious inputs, the researchers bypassed Samsung’s security defenses and gained remote control over the device without requiring any user interaction.
This means an attacker could potentially compromise a phone silently, leaving no obvious signs of intrusion.
The vulnerability remained undisclosed before the event, showcasing a gap that even Samsung’s rigorous security testing failed to catch.
The exploit chain proved sophisticated enough to enable persistent access to the device.
Once inside, attackers could hijack the camera to capture photos and videos, activate location tracking to monitor the user’s GPS data in real time, and potentially access other sensitive information stored on the phone.
Such powerful capabilities transform a premium smartphone into an unwilling surveillance tool.
Security experts attribute these types of flaws to the rapid development pace in multimedia and system libraries, where feature advancement sometimes outpaces security hardening.
Zero-day vulnerabilities like this one highlight the ongoing challenge manufacturers face in securing increasingly complex devices. Even flagship phones from trusted brands remain targets for sophisticated attackers.
The Interrupt Labs team’s achievement earned 5 Master of Pwn points, contributing to Pwn2Own Ireland 2025’s impressive total: $2 million in payouts across 73 unique zero-day vulnerabilities.
This competition, organized by the Zero Day Initiative, plays a crucial role in global cybersecurity by incentivizing ethical researchers to discover and responsibly disclose flaws.
Samsung has not yet released a specific public statement regarding this Galaxy S25 exploit. However, based on how the company has handled similar Android vulnerabilities in the past, a security update addressing this flaw should arrive soon.
The responsible disclosure process ensures Samsung receives detailed technical reports that allow engineers to develop and test patches before making them public.
For Galaxy S25 users, the best defense involves enabling automatic updates and checking Samsung’s official security channels regularly.
Keeping your device fully patched remains the most effective way to close zero-day gaps before attackers can exploit them in real-world scenarios.
Until the patch arrives, users handling sensitive activities should remain vigilant about their device’s behavior and permissions.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
