Hackers use vulnerabilities in pre-installed apps on Samsung devices to spy on users

Security researchers have discovered multiple critical security vulnerabilities in Samsung’s pre-installed Android apps. Successful exploitation of these vulnerabilities may allow hackers to access personal data and control devices without the user’s consent.

Sergey Toshin, the founder of mobile security startup Oversecured, said in an analysis report published on Thursday that these vulnerabilities may allow attackers to access and edit victims’ contacts, phone calls, SMS/MMS, and install arbitrary applications with the permissions of device administrators. Programs, or read and write arbitrary files as a system user, and may change device settings.

Sergey Toshin reported these vulnerabilities to Samsung in February 2021, after which Samsung released patches in its monthly security updates in April and May to address the following vulnerabilities:

  • CVE-2021-25356–Manage third-party certification bypass in provisioning
  • CVE-2021-25388-Arbitrary application installation vulnerability in Knox core
  • CVE-2021-25390-Intent redirection in PhotoTable
  • CVE-2021-25391-Intent redirection in secure folders
  • CVE-2021-25392-It is possible to access DeX’s notification policy file
  • CVE-2021-25393-It is possible to read/write access to arbitrary files as a system user
  • CVE-2021-25397-Arbitrary file writing in Telephony UI

Join Our Samsung Channel On Telegram

The impact of these vulnerabilities means that they can be used to install arbitrary third-party applications, grant device administrator permissions to delete other installed applications or steal sensitive files, read or write arbitrary files as system users, and even execute Privileged operation.

In a proof of concept (POC) demonstration, hackers can use PhotoTable and Secure Folder Redirection Vulnerability of intent to hijack permissions of the application, access to the SD card and read phone contacts stored.

Similarly, by exploiting the CVE-2021-25397 and CVE-2021-25392 vulnerabilities, attackers can overwrite the files stored in SMS/MMS with malicious content and steal data in user notifications. It is recommended that Samsung device owners install the latest firmware update from Samsung to avoid any potential security risks.

If you like our news and you want to see such news even further, then follow RealMi Central on Google News, Telegram (RealMi Central, Xiaomi, Apple, Realme, Samsung, Microsoft, OnePlus, Huawei/Honor, Android 12), Twitter, Facebook (Page) (Group) & Instagram.

Leave a Comment