These three Samsung Galaxy phones had vulnerabilities exploited by an attacker
According to a blog post from Google Project Zero (via TechCrunch), a trio of zero-day vulnerabilities in several newer Samsung Galaxy phones was being exploited by a commercial surveillance vendor. These companies may be telecom or technology firms that track their customers in order to monetize their personal data by sending customized advertisements. Or it could be worse (more on that below).
Some Samsung Galaxy phones using Exynos chips had these vulnerabilities
According to the Federal Trade Commission, such companies engage in the “collection, aggregation, analysis, storage, transfer or monetization of consumer data and direct derivatives of that information.” And in addition to harming consumers with these actions, the FTC is seeking to gather information showing that these actions lead to psychological harm, reputational damage, and unwanted intrusions that occur with the collection of this personal data.
One of the phones used was the Samsung Galaxy S10
But this specific situation could be more serious. While Google did not name a specific commercial surveillance vendor, it said the pattern resembles an earlier exploit that distributed “powerful nation-state spyware” via a malicious Android app. The vulnerabilities found in Samsung’s custom-built software were part of an exploit chain that would allow an attacker to gain kernel read and write privileges, which could eventually reveal personal data on the phone.
The exploit targets Samsung Galaxy handsets powered by an Exynos SoC using kernel 4.14.113. Phones matching this description include the Samsung Galaxy S10, Galaxy A50 and Galaxy A51. The versions of these phones sold in the US and China are equipped with a Qualcomm Snapdragon chip while in most other continents like Europe and Africa, the Exynos SoC is used. Google says the exploit “is based on the Mali GPU driver and DPU driver, which are specific to Exynos Samsung phones.”
The problems would start when a user was tricked into sideloading an app on their phone. Sideloading in this case means downloading an app from a third-party Android app store that isn’t the Google Play Store. Google reported the vulnerabilities to Samsung in 2020, and while Sammy sent a patch in March 2021, the company did not mention that the vulnerabilities were being actively exploited.
Google’s Maddie Stone, who wrote the blog post, says, “Analysis of this exploit chain has given us new and important insights into how attackers are targeting Android devices.” Stone also noted that with more research, new vulnerabilities may be detected in custom software used in Android devices by phone makers like Samsung. Stone added, “It highlights the need for more research into manufacturer-specific components. This indicates where we need to do further variant analysis.”
Use the feedback section in the Play Store or a third-party Android app store to look for red flags
Going forward, Samsung has agreed to disclose when its vulnerabilities are being actively exploited, joining Apple and Google. The latter two manufacturers already warn users when such an event is occurring.
In June, we told you about spyware called Hermit that was used by governments to target victims in Italy and Kazakhstan. Similar to the security issue found in the three Exynos-powered Galaxy phones, Hermit required a user to sideload a malicious app. Eventually, this malware would steal contacts, location data, photos, videos and audio recordings from the victim’s mobile.
A quick and dirty rule that may still work these days is to give the comments section a good look before installing an app from a developer you’ve never heard of before. If any red flags pop up, quickly exit that app’s listing and never look back. Another great tip is to not sideload any apps. Yes, malware-laden apps somehow get past Google Play’s security many times over, but you’re probably still less likely to get “infected” by sticking to downloading apps from the Play Store.