Vulnerabilities have been discovered in Samsung’s custom software that was used to target Samsung phones running Android. Chaining vulnerabilities allow an attacker, as a root user, to gain read and write privileges on the operating system kernel, ultimately exposing device data.
Maddie StoneA security researcher at Google’s Project Zero said in a blog post that the security issue in Samsung phones targets some models equipped with Exynos chips with specific cores. The Exynos model of the South Korean tech giant’s phones are sold mostly in Europe, the Middle East and Africa, where the surveillance targets are likely to be.
Acetone It says the Galaxy S10, Galaxy A50 and A51 are among the models that used the affected kernel. A malicious app exploits this flaw by tricking users into installing apps from sources other than official stores, allowing an attacker to bypass security layers and gain access to the device’s operating system.
The first vulnerability, CVE-2021-25337, was the foundation of this chain, which was exploited at four different times and at least once in each phase. Because Java components run on Android devices at such a privileged level, they are not the most popular targets for security researchers.
Google declined to name the provider of the monitoring service; But he said the exploit follows a similar pattern to recent device infections in which Android malware is exploited to spread powerful spyware.
to report TechCrunchEarlier this year, security researchers discovered Hermit, an Android and iOS spyware developed by RCS Labs, used in targeted government attacks with known victims in Italy and Kazakhstan.
Hermit uses the method of tricking a target into downloading and installing a malicious app, such as a hidden utility, outside of the official Android app store; But then it silently steals the audience’s audio recordings, photos, videos and exact location data of the victim. The Internet search giant has notified Android users that their devices have been compromised with Hermit. Surveillance vendor Connexxa also used third-party malware to target Android and iOS phones.
Google reported the three zero-day vulnerabilities to Samsung in late 2020, and the South Korean tech giant released patches for affected phones in March 2021, but at the time it was not clear that the bugs were being actively exploited.
Acetone Stating that further research could uncover new vulnerabilities in custom software from Android device makers such as Samsung, he noted:
Analysis of this exploit chain has provided important insights into how attackers target Android devices. This highlights the need for more research on smartphone manufacturers’ specific components and shows where further analysis is needed.