
Samsung Reveals Critical Vulnerabilities in All Smartphones Released After 2014

A patch to fix the vulnerability has been released by Samsung, although it remains unclear when owners of Samsung Galaxy devices will receive it, as even newly-released smartphones are vulnerable.

As monthly security updates for Samsung roll out, Google’s Project Zero researchers revealed details on a vulnerability in Samsung Android smartphones released in or after 2014. The bug was initially reported to Samsung in January.

The vulnerability is connected with how the Android operating system (OS) processes images of a particular format. An exploit using the vulnerability could potentially allow an intruder to gain control of the device through code executed on the smartphone.

Samsung Galaxy smartphones handle images of the .qmg file type through the Skia library, something that a user has no control over. Mateusz Jurczyk, a Project Zero researcher who discovered the vulnerability, proved his disclosure by creating a series of MMS messages that were sent to a Samsung Galaxy 10+. The messages then located the Skia library on the device and delivered the exploit, which, if performed by those with criminal intent, could contain malicious code that can be remotely executed.

The code would be able to overwrite memory in the device almost immediately upon arrival via MMS, and a user does not have to open or interact with the message. Moreover, a user would not know their smartphone was under attack, as this ‘zero-click’ technology can avoid alerting a user as to what is happening.

“I have found ways to get MMS messages fully processed without triggering a notification sound on Android, so fully stealth attacks might be possible,” Jurczyk said to ZDNet.

The Samsung Android OS weak spot is being tracked as CVE-2020-8899, and is described as:

“An unauthenticated, unauthorized attacker sending a specially-crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction.”

Following the discovery, Samsung released updates that contain a patch that appears to overcome the problem. However, it is not yet clear when Samsung owners will be able to obtain this patch, as even newly-released devices like the Galaxy 10+ are yet to receive it.

Similar vulnerabilities in the Apple ecosystem were discovered by Google researchers at the end of April, revealing that the Mac IOS could be affected by data received from outside sources without the knowledge of, or interaction by, the user, particularly if users do not update their devices. – CULLED FROM SPUTNIKNEWS
