Hackers can exploit pre-installed applications on Samsung smartphones to attack users

Tram Ho

According to The Hacker News, many security holes have been discovered in Android apps pre-installed on Samsung smartphones. The newly disclosed vulnerabilities allow cybercriminals to access personal data and even control devices without the user's knowledge.


Sergey Toshin, founder of mobile security start-up Oversecured, has shared his latest findings about vulnerabilities in pre-installed applications on Samsung smartphones.

Specifically, the vulnerabilities allow an attacker to access and modify the victim's contacts, calls, and SMS/MMS, install arbitrary applications with device administrator rights, or read and write arbitrary system files, resulting in a change to the device's settings.

Toshin disclosed the vulnerabilities to Samsung in February 2021, and Samsung is working on patching them through the latest firmware updates that rolled out in April and May.

Security researchers warn that the newly discovered vulnerabilities can easily be exploited to install third-party applications, thereby granting device administrator rights to hackers. The hacker can then uninstall other installed applications or steal sensitive files, read or write arbitrary files as a system user, and even perform privileged actions.

As the demo shows, the vulnerabilities in PhotoTable and Insecure Folder make it possible to gain access to the application via the SD card and read the contacts stored on the phone. Similarly, vulnerabilities like CVE-2021-25397 and CVE-2021-25392 make it possible for attackers to rewrite SMS/MMS message files with malicious content and steal data from user notifications.


To avoid security threats, owners of Samsung devices are advised to install the latest firmware upgrades from the company as soon as possible.

The above vulnerabilities are among the many reports submitted by security researchers participating in Samsung's bug bounty program.

From Samsung alone, security expert Toshin has earned more than $30,000 since the beginning of the year after finding 14 issues, of which only 3 are still waiting to be patched.

Toshin has reported over 550 vulnerabilities to date and earned more than $1 million in bounties from multiple companies, through the HackerOne platform and other bug bounty programs.

Refer to Bleepingcomputer


Source: Genk