Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users


Samsung Apps

Multiple critical security flaws have been disclosed in Samsung’s pre-installed Android apps, which, if successfully exploited, could have allowed adversaries access to personal data without users’ consent and take control of the devices.

“The impact of these bugs could have allowed an attacker to access and edit the victim’s contacts, calls, SMS/MMS, install arbitrary apps with device administrator rights, or read and write arbitrary files on behalf of a system user which could change the device’s settings,” Sergey Toshin, founder of mobile security startup Oversecured, said in an analysis published Thursday.

Stack Overflow Teams

Toshin reported the flaws to Samsung in February 2021, following which patches were issued by the manufacturer as part of its monthly security updates for April and May. The list of the seven vulnerabilities is as follows –

  • CVE-2021-25356 – third-party authentication bypass in Managed Provisioning
  • CVE-2021-25388 – Arbitrary app installation vulnerability in Knox Core
  • CVE-2021-25390 – Intent redirection in PhotoTable
  • CVE-2021-25391 – Intent redirection in Secure Folder
  • CVE-2021-25392 – Possible to access notification policy file of DeX
  • CVE-2021-25393 – Possible to read/write access to arbitrary files as a system user (affects the Settings app)
  • CVE-2021-25397 – Arbitrary file write in TelephonyUI
Samsung Apps

The impact of these flaws means they could be exploited to install arbitrary third-party apps, grant the device admin privileges to delete other installed applications or steal sensitive files, read or write arbitrary files as a system user, and even execute privileged actions.

Prevent Data Breaches

In a proof-of-concept (PoC) demo, Oversecured established that it was possible to leverage the intent redirection flaws in PhotoTable and Secure Folder to hijack the apps’ permissions to access the SD card and read contacts stored in the phone. Likewise, by exploiting CVE-2021-25397 and CVE-2021-25392, an attacker could overwrite the file storing SMS/MMS messages with malicious content and steal data from user notifications.

Samsung device owners are recommended to apply the latest firmware updates from the company to avoid any potential security risks.





Source link

Mourad ELGORMA

Fondateur de summarynetworks, passionné des nouvelles technologies et des métiers de Réseautique , Master en réseaux et système de télécommunications. ,j’ai affaire à Pascal, Delphi, Java, MATLAB, php …Connaissance du protocole TCP / IP, des applications Ethernet, des WLAN …Planification, installation et dépannage de problèmes de réseau informatique……Installez, configurez et dépannez les périphériques Cisco IOS. Surveillez les performances du réseau et isolez les défaillances du réseau. VLANs, protocoles de routage (RIPv2, EIGRP, OSPF.)…..Manipuler des systèmes embarqués (matériel et logiciel ex: Beaglebone Black)…Linux (Ubuntu, kali, serveur Mandriva Fedora, …). Microsoft (Windows, Windows Server 2003). ……Paquet tracer, GNS3, VMware Workstation, Virtual Box, Filezilla (client / serveur), EasyPhp, serveur Wamp,Le système de gestion WORDPRESS………Installation des caméras de surveillance ( technologie hikvision DVR………..). ,

Laisser un commentaire