Hackers Targeted Samsung's Phone Models' Zero-Day Loopholes, Google's Expert Says

by Anusuya Lahiri, Benzinga Editor
November 11, 2022 9:31 AM | 2 min read |
  • Alphabet Inc GOOG GOOGL Google Project Zero security researcher Maddie Stone said a commercial surveillance vendor exploited three zero-day security vulnerabilities found in newer Samsung Electronics Co, Ltd SSNLF smartphones
  • He said the exploit chain targets Samsung phones with an Exynos chip running a specific kernel version. 
  • The chained vulnerabilities allow attackers to gain kernel read and write privileges as the root user and ultimately expose a device's data.
  • Also Read: Microsoft Yet To Fix Two New Exchange Zero-Day Bugs; Expert Claims A China Connection
  • Samsung phones were available with Exynos chips primarily across Europe, the Middle East, and Africa, the likely location of the surveillance targets.
  • Stone said Samsung phones running the affected kernel at the time include the S10, A50, and A51.
  • The flaws, since patched, were exploited by a malicious Android app, tricking users into installing from outside of the app store. 
  • The malicious app allows the attacker to escape the app sandbox designed to contain its activity and access the rest of the device's operating system. 
  • The exploitation follows a pattern similar to recent device infections, which compromised malicious Android apps to deliver powerful nation-state spyware, TechCrunch reports.
  • Earlier this year, security researchers discovered Hermit, an Android and iOS spyware developed by RCS Lab and used in targeted attacks by governments, with known victims in Italy and Kazakhstan. 
  • Hermit relied on tricking a target into downloading and installing the malicious app and silently stole the victim's data. 
  • Google began notifying compromised Android device users of Hermit's attack. 
  • Google reported the three vulnerabilities to Samsung in late 2020, and Samsung rolled out patches to affected phones in March 2021. 
  • Stone said that Samsung has since committed to begin disclosing when vulnerabilities are actively exploited, following Apple Inc AAPL and Google.
  • Price Action: GOOG shares traded higher by 0.756 5% at $94.70 premarket on the last check Friday.
Market News and Data brought to you by Benzinga APIs

© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.

Comments
Posted In: NewsTechMediaBriefs
Benzinga simplifies the market for smarter investing

Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.

Join Now: Free!

Popular Channels

Tools & Features

Partners & Contributors

About Benzinga

© 2024 Benzinga | All Rights Reserved