Google says surveillance vendor targeted Samsung phones with zero-days • TechCrunch

Google says it has evidence that a commercial surveillance vendor was exploiting three zero-day vulnerabilities found in the latest Samsung smartphones.

The vulnerabilities, discovered in Samsung's custom-built software, were used together as part of an exploit chain to target Samsung phones running Android. The chained vulnerabilities allow an attacker to gain kernel read and write privileges as the root user, and ultimately expose the device's data.

Google Project Zero security researcher Maddie Stone said in a blog post that the exploit chain targets Samsung phones with an Exynos chip running a specific kernel version. Samsung phones with Exynos chips are sold primarily across Europe, the Middle East and Africa, which is likely where the surveillance targets are located.

Stone said that Samsung phones running the affected kernel at the time include the S10, A50 and A51.

The flaws, since patched, were exploited by a malicious Android app, which the user may have been tricked into installing from outside the app store. The malicious app allows the attacker to escape the app sandbox designed to contain its activity, and gain access to the rest of the device's operating system. Stone said that only a component of the exploit was obtained, so it's not known what the final payload was, even if the three vulnerabilities paved the way for its eventual delivery.

“The first weak point of this series, the arbitrary file read and write, was the basis of this chain, used four different times and used at least once in each step,” Stone wrote. “Java components in Android devices do not tend to be the most common targets for security researchers even though they operate at such a privileged level,” Stone said.

Google declined to name the commercial surveillance vendor, but said the exploit follows a similar pattern to recent device infections where malicious Android apps were abused to deliver powerful nation-state spyware.

Earlier this year, security researchers discovered Hermit, spyware for Android and iOS that was developed by RCS Lab and used in targeted attacks by governments, with known victims in Italy and Kazakhstan. Hermit relies on tricking the target into downloading and installing a malicious app, such as an app disguised as cellular carrier assistance, from outside the app store, which then silently steals the victim's contacts, audio recordings, photos, videos, and precise location data. Google has started notifying Android users whose devices were hacked by Hermit. Surveillance vendor Connexxa also used malicious sideloaded apps to target Android and iPhone owners.

Google reported the three vulnerabilities to Samsung in late 2020, and Samsung rolled out patches for affected phones in March 2021, but at that time it didn't reveal that the vulnerabilities were being actively exploited. Stone said Samsung has since committed to begin disclosing when vulnerabilities are actively exploited, following Apple and Google, which also reveal in their security updates when vulnerabilities come under attack.

“Analysis of this exploit chain has provided us with important new insights into how attackers target Android devices,” Stone added, noting that further research could reveal new vulnerabilities in custom software built by Android device makers, such as Samsung.

“It highlights the need for more research into manufacturer-specific components. It shows where we should do more variant analysis,” Stone said.
