Samsung: The company's applications give access to hackers

Samsung Android devices are at risk. Many important security vulnerabilities were discovered in Samsung's pre-installed applications. These flaws could allow malicious users to obtain personal data without the owners' knowledge and even to take full control of the devices.

Sergey Toshin, founder of security company Oversecured, said on Thursday:

"The impact of these flaws could allow an attacker to gain access to edit the victim's contacts, calls, SMS/MMS, install arbitrary applications with administrative privileges or even write arbitrary code on behalf of a system user that could change the device's settings."

Toshin reported the vulnerabilities to Samsung in February 2021, and the company released fixes in its monthly security updates in April and May.

The following is a list of the seven vulnerabilities:

  • CVE-2021-25356 - Authentication bypass
  • CVE-2021-25388 - Vulnerability in Knox Core allowing arbitrary application installation
  • CVE-2021-25390 - PhotoTable intent redirection
  • CVE-2021-25391 - Insecure intent redirection
  • CVE-2021-25392 - Possible access to the DeX alert policy file
  • CVE-2021-25393 - Read/write access to arbitrary files as a system user (affects the Settings application)
  • CVE-2021-25397 - Arbitrary file write in TelephonyUI

Oversecured warns that the above flaws could be used to install arbitrary third-party applications, grant device administrator privileges to uninstall other installed applications or steal sensitive files, read or write arbitrary files as a system user, and even perform privileged activities.

Oversecured has presented a PoC showing that the PhotoTable and Secure Folder intent redirection flaws can be abused to hijack application permissions in order to access the SD card and read contacts stored on the phone.

Similarly, using CVE-2021-25397 and CVE-2021-25392, an attacker could overwrite the file that stores SMS/MMS messages with malicious content and steal data from user notifications.

Samsung recommends that you install the latest firmware updates immediately.


Written by giorgos
