Samsung Phones Were Targeted With Zero-Day Surveillance Software, According To Google

Google has discovered that a private surveillance company is using three recently discovered zero-day vulnerabilities in Samsung smartphones. The vulnerabilities, which were discovered in Samsung's proprietary operating system, were used together to target Samsung devices running Android. 

The chained vulnerabilities allow an attacker to gain kernel read and write privileges as the root user, which ultimately exposes a device's data. A Samsung handset with an Exynos chip operating a certain kernel version is targeted by this exploit chain, according to Google Project Zero researcher Maddie Stone. 

Samsung handsets with Exynos chips are available exclusively in Europe, the Middle East, and Africa, so that is where the targets of the surveillance are likely to be. The S10, A50, and A51 were affected when running the vulnerable kernel. The flaws, since patched, were exploited by a malicious Android app that the user may have been tricked into installing from outside the app store.

The malicious app allows the attacker to escape the app sandbox designed to contain its activities and access the rest of the device's operating system. Stone said only a portion of the exploit app was obtained, so the payload was unknown, even if the vulnerabilities provided a path for its delivery.

The chain was built on three vulnerabilities, one of which allowed the attacker to read and write files. Because Java components are used extensively in Android devices, they are not as popular a target for security researchers, even though they run at such a privileged level.

Earlier this year, malicious Android applications were discovered to have been utilised to deliver powerful nation-state spyware in an effort to massively surveil Android users. Google refused to divulge the identity of the surveillance company, but said it followed the same pattern as previous infections where malicious Android apps were used to surveil people.

Researchers discovered Hermit, a mobile and computer spyware developed by RCS Lab, which was used in targeted assaults. A victim is tricked into installing, from outside the app store, a malicious application disguised as a mobile phone assistance application, which silently steals the victim's contacts, audio recordings, photos, videos, and precise location information.

Hermit has been used to target Android users. It can also be used to target iPhone users. According to Stone, Google disclosed to Samsung in late 2020 that it had discovered three vulnerabilities in the operating system of the firm's smartphones. 

However, at the time, Samsung did not disclose that the flaws were being exploited. In March 2021, Samsung released patches to phones that were affected by these vulnerabilities, but did not disclose that they had been exploited. Since then, Samsung has committed to disclosing to users when vulnerabilities are being exploited, following Apple and Google, which also announce in their security updates when vulnerabilities are being attacked. 

According to Stone, the research team has gained new insights into how attackers target Android devices by analyzing the exploit chain. Further research could expose new vulnerabilities in Android devices' custom software, which Samsung constructs, according to Stone.