Google's Project Zero team obtained evidence that there is an exploitation chain for several Samsung devices, which came from a commercial surveillance vendor. Through this, it allows an attacker to get and access kernel read and write privileges that can expose data.
Partial Exploit Chain for Samsung Devices
Evidence was presented by Google Project Zero which says that a commercial surveillance vendor targeted Samsung smartphones and exploits three zero-day security vulnerabilities. These were discovered through the custom-built software of the devices and were used all together for the exploitation chain. As per the report of the team, it will give attackers access where they can obtain kernel read and write privileges since they will be the root user.
Google Project Zero Security Researcher Maddie Stone stated that the Samsung phones with an Exynos chip running a specific kernel version were heavily targeted in the exploit chain. These types of phones are currently in the market in different areas like Europe, the Middle East, and Africa. She also added that the devices that are affected by this are the Samsung S10, A50, and A51.
Based on a report from TechCrunch, the issues were already patched. The vulnerabilities were exploited by an Android application that tricked some users to install without using the Google App Store. The "malicious" app, as it was described in the report, allowed the attackers to break out from the sandbox of the application, which is specifically designed to secure the activity and access to the device's operating system.
"The first vulnerability in this chain, the arbitrary file read and write, was the foundation of this chain, used four different times and used at least once in each step. The Java components in Android devices don't tend to be the most popular targets for security researchers despite it running at such a privileged level," Stone stated.
Also Read : Google Discovers North Korean APT Hackers Threaten Security Researchers via Social Media Malware!
Google did not state the commercial surveillance vendor's name. However, it revealed that the pattern that was used for the exploitation was very similar to the infections from recent devices that were abused by several dangerous Android applications as they deliver "powerful nation-state spyware".
Rolling Out Patches
The report confirmed that this was reported to Samsung in late 2020 but rolled out patches in March 2021 for the affected devices. Samsung did not also disclose any information regarding the vulnerabilities that this may cause to the users during that time.
Stone stated, "The analysis of this exploit chain has provided us with new and important insights into how attackers are targeting Android devices." She also suggested that new vulnerabilities could pull out by specifying the vulnerabilities in the research.
Related Article : Meta Warns Apple and Google on Data-Stealing Apps
This article is owned by TechTimes
Written by Inno Flores