Samsung is working on patching multiple vulnerabilities affecting its mobile devices that could be used for spying or to take full control of the system.
The bugs are part of a larger set found and reported responsibly by one security researcher through the company's bug bounty program.
Severe issues on Samsung devices
Since the beginning of the year, Sergey Toshin, the founder of Oversecured, a company specialized in mobile app security, has found more than a dozen vulnerabilities affecting Samsung devices.
For three of them, the details are light at the moment because of the high risk they pose to users. Without going into particulars, Toshin told BleepingComputer that the least severe of these issues could help attackers steal SMS messages if they trick the victim.
The other two are more serious, though, as they are stealthier. Exploiting them requires no action from the Samsung device user. An attacker could use them to read and/or write arbitrary files with elevated permissions.
It is unclear when the fixes will be pushed to users, because the process typically takes about two months due to extensive testing of the patch to make sure it does not cause other problems.
Toshin reported all three security vulnerabilities responsibly and is currently waiting to receive the bounties.
17 issues responsibly disclosed
From Samsung alone, the hacker collected close to $30,000 since the start of the year for disclosing 14 issues. The other three vulnerabilities are currently waiting to be patched.
For seven of the already patched bugs, which brought $20,690 in bounties, Toshin provides technical details and proof-of-concept exploitation instructions in a blog post today.
The hacker found the bugs in pre-installed apps on Samsung devices using the Oversecured scanner that he created specifically to help with the task.
He reported the problems in February and also published a video demonstrating how a third-party app obtained device admin rights. The exploit, a zero-day at the time, had an undesirable side effect, though: in the process of getting elevated privileges, all other apps on the Android phone were deleted.
The bug was patched in April. It impacted the Managed Provisioning app and is now tracked as CVE-2021-25356. The hacker received $7,000 for reporting it.
Toshin received another hefty bounty ($5,460) for sharing details with Samsung about an issue (CVE-2021-25393) in the Settings app that allowed gaining read/write access to arbitrary files with the privileges of the system user.
The third best paid ($4,850) vulnerability from this February batch allowed writing arbitrary files as the Telephony user, which has access to call details and SMS/MMS messages.
Samsung patched most of these flaws in May. However, Toshin told BleepingComputer that Samsung also patched another set of seven bugs that he disclosed through the company's bug bounty program.
These carried risks like read/write access to user contacts, access to the SD card, and leaking personal information like phone number, address, and email.
Users are advised to apply the latest firmware updates from the manufacturer to avoid potential security risks.
Toshin is based in Moscow and he has reported more than 550 vulnerabilities in his career, earning over $1 million in bug bounties through the HackerOne platform and various bug bounty programs.