Hackers can now snoop on users by manipulating the pre-installed Samsung apps.
Hackers can monitor users and probably control the whole system altogether. Alarmingly, the vulnerabilities appear to be part of a much larger group of exploitable flaws. A security scientist of Samsung summarized the situation to the bug bounty program of the technological giant.
Samsung works to patch numerous vulnerabilities that impact its smartphones, that can be exploited to spy or control the system in the wild.
Sergey Toshin — the creator of the Oversecured mobile app security company — uncovered more than a dozen flaws that affect Samsung devices from the beginning of the year.
The information in three of them is currently light due to the noteworthy risk to users. Toshin said that the less pressing of these problems would allow attackers to obtain SMS messages if they deceived the victim without going into particulars.
However, the other two are more problematic, as they are more robust. No action by Samsung’s device owner is required to exploit them. An attacker might use it to read and/or write high permission arbitrary files.
It is uncertain when the improvements are presented to the consumers because generally the process takes approximately two months to assure that the patch doesn’t cause other complications.
All three safety vulnerabilities have been reported responsibly by Toshin and are currently awaiting the bounties.
The hacker has earned about $30,000 from Samsung alone since the beginning of the year, to reveal 14 vulnerabilities. Meanwhile, three more vulnerabilities await a patch. In a blog post Toshin shares technical specifics and proof-of-concept user instructions on seven of these issues that have been patched beforehand, bringing $20,690 in bounties.
For discovering and acquainting Samsung about the issues (CVE-2021-25393) in the Settings app that arbitrarily allowed hackers to gain access to read/write Toshin won a hefty bounty of $5460.
To mitigate possible security threats, users should use the latest firmware upgrades from the fabricators.
Toshin has identified over 550 vulnerabilities through HackerOne’s platform and several bug bounty programs over the US $1 million in bug prizes.
The Samsung Group is a global South Korean conglomerate based in Samsung Town, Seoul. It consists of many affiliates and the majority of them are under the mark of Samsung (business conglomerate). Also, it is the most prominent South Korean chaebol.