Google Obtains Partial Exploit Chain for Samsung Devices, Targeted by Commercial Surveillance Vendor

Google's Project Zero obtained evidences against exploitation chains for Samsung devices.

Google's Project Zero team obtained evidence that there is an exploitation chain for several Samsung devices, which came from a commercial surveillance vendor. Through this, it allows an attacker to get and access kernel read and write privileges that can expose data.

Samsung Galaxy S23
SAN FRANCISCO, CALIFORNIA - FEBRUARY 20: New Samsung Galaxy S10 smartphones are displayed during the Samsung Unpacked event on February 20, 2019 in San Francisco, California. Samsung announced a new foldable smartphone, the Samsung Galaxy Fold, as well as a new Galaxy S10 and Galaxy Buds earphones. by Justin Sullivan/Getty Images

Partial Exploit Chain for Samsung Devices

Evidence was presented by Google Project Zero which says that a commercial surveillance vendor targeted Samsung smartphones and exploits three zero-day security vulnerabilities. These were discovered through the custom-built software of the devices and were used all together for the exploitation chain. As per the report of the team, it will give attackers access where they can obtain kernel read and write privileges since they will be the root user.

Google Project Zero Security Researcher Maddie Stone stated that the Samsung phones with an Exynos chip running a specific kernel version were heavily targeted in the exploit chain. These types of phones are currently in the market in different areas like Europe, the Middle East, and Africa. She also added that the devices that are affected by this are the Samsung S10, A50, and A51.

Based on a report from TechCrunch, the issues were already patched. The vulnerabilities were exploited by an Android application that tricked some users to install without using the Google App Store. The "malicious" app, as it was described in the report, allowed the attackers to break out from the sandbox of the application, which is specifically designed to secure the activity and access to the device's operating system.

"The first vulnerability in this chain, the arbitrary file read and write, was the foundation of this chain, used four different times and used at least once in each step. The Java components in Android devices don't tend to be the most popular targets for security researchers despite it running at such a privileged level," Stone stated.

Google did not state the commercial surveillance vendor's name. However, it revealed that the pattern that was used for the exploitation was very similar to the infections from recent devices that were abused by several dangerous Android applications as they deliver "powerful nation-state spyware".

Rolling Out Patches

The report confirmed that this was reported to Samsung in late 2020 but rolled out patches in March 2021 for the affected devices. Samsung did not also disclose any information regarding the vulnerabilities that this may cause to the users during that time.

Stone stated, "The analysis of this exploit chain has provided us with new and important insights into how attackers are targeting Android devices." She also suggested that new vulnerabilities could pull out by specifying the vulnerabilities in the research.

This article is owned by TechTimes


Written by Inno Flores

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics