Samsung Reveals Critical Vulnerabilities in All Smartphones Released After 2014

A patch to fix the vulnerability has been released by Samsung, although it remains unclear when owners of Samsung Galaxy devices will receive it, as even newly-released smartphones are vulnerable.

As monthly security updates for Samsung roll out, Google’s Project Zero researchers revealed details on a vulnerability in Samsung Android smartphones released in or after 2014. The bug was initially reported to Samsung in January.

The vulnerability is connected with how the Android operating system (OS) processes images of a particular format. An exploit using the vulnerability could potentially allow an intruder to gain control of the device through code executed on the smartphone.

Samsung Galaxy smartphones handle images in the .qmg file format through the Skia library, something that a user has no control over. Mateusz Jurczyk, a Project Zero researcher who discovered the vulnerability, proved his disclosure by creating a series of MMS messages that were sent to a Samsung Galaxy 10+. The messages then located the Skia library on the device and delivered the exploit, which, if performed by those with criminal intent, could contain malicious code that can be remotely executed.

The code would be able to overwrite memory in the device almost immediately upon arrival via MMS, and a user does not have to open or interact with the message. Moreover, a user would not know their smartphone was under attack, as this ‘zero-click’ technology can avoid alerting a user as to what is happening.

“I have found ways to get MMS messages fully processed without triggering a notification sound on Android, so fully stealth attacks might be possible,” Jurczyk said to ZDnet.

The Samsung Android OS weak spot is being tracked as CVE-2020-8899 and is described as:

“An unauthenticated, unauthorized attacker sending a specially-crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction.”

Following the discovery, Samsung released updates that contain a patch that appears to overcome the problem. However, it is not yet clear when Samsung owners will be able to obtain this patch, as even newly-released devices like the Galaxy 10+ are yet to receive it.

Similar vulnerabilities in the Apple ecosystem were discovered by Google researchers at the end of April, revealing that the Mac IOS could be affected by data received from outside sources without the knowledge of, or interaction by, the user, particularly if users do not update their devices. – CULLED FROM SPUTNIKNEWS
