Last updated: May 7th, 2020 at 07:56 UTC+02:00
The zero-click security flaw resides in Samsung's custom version of Android and in how it handles the custom 'Qmage' image format (.qmg), which is developed by South Korean company Quramsoft. All Galaxy phones from the South Korean brand have supported .qmg image files since late 2014, and the implementation had serious vulnerabilities. Qmage files are reportedly used in Samsung Themes.
Mateusz Jurczyk, a security researcher who works with Google's Project Zero bug-hunting team, found the vulnerability. He discovered a way to exploit how Skia (Android's graphics library) in Samsung's phones handles Qmage images sent to the phone. The bug could be exploited in a zero-click scenario, which means that it doesn't need any user interaction.
Android is designed to redirect all images received by the device to the Skia library, which then processes them to create thumbnails. All of this happens without the user's interaction or knowledge. The researcher sent repeated MMS messages to Samsung's phones in an attempt to guess the position of the Skia library in the device's memory.
Knowing the location of Skia is a necessary step to bypass Android's ASLR (Address Space Layout Randomization) protection. Once Skia's location is known, the last MMS containing a Qmage file is sent to the phone, which then executes the attacker's code on the device.
Apparently, it takes anywhere between 50 and 300 messages to exploit the vulnerability, and it can be accomplished within two hours and without alerting the user. Other apps on the phone that can receive Qmage images can also be used to exploit the critical vulnerability. However, Samsung finally patched the bug (SVE-2020-16747) with the May 2020 security patch last week.
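The message volume described above (50 to 300 MMS to one handset within two hours) can be turned into a detection heuristic. The following is an added example, not code from the article, Samsung, or Project Zero; the record format, the function names, and the idea of running it over messaging-gateway logs are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=2)  # article: the attack fits within two hours
THRESHOLD = 50               # article: lower bound of the 50-300 message range


def find_mms_bursts(records, window=WINDOW, threshold=THRESHOLD):
    """Return {(sender, recipient): peak_count} for every pair whose MMS
    count inside a sliding window reaches the threshold.

    records: iterable of (iso_timestamp, sender, recipient) tuples
    (hypothetical log format, all timestamps in the same ISO 8601 form).
    """
    recent = defaultdict(deque)  # pair -> timestamps still inside the window
    peaks = {}
    for ts, sender, recipient in sorted(records):
        now = datetime.fromisoformat(ts)
        key = (sender, recipient)
        q = recent[key]
        q.append(now)
        # Drop timestamps older than the window that ends at `now`.
        while now - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks


def constructed_sample():
    """Constructed records: one burst sender and one slow, benign sender."""
    base = datetime(2020, 5, 1, 1, 0, 0)
    recs = []
    for i in range(60):  # 60 MMS, one every 90 seconds (about 89 minutes)
        ts = (base + timedelta(seconds=90 * i)).isoformat()
        recs.append((ts, "sender-A", "handset-1"))
    for i in range(60):  # 60 MMS, one every 10 minutes (about 10 hours)
        ts = (base + timedelta(minutes=10 * i)).isoformat()
        recs.append((ts, "sender-B", "handset-2"))
    return recs


if __name__ == "__main__":
    for pair, peak in find_mms_bursts(constructed_sample()).items():
        print(pair, "peak MMS in 2h window:", peak)
```

The slow sender delivers the same total number of messages but never exceeds 13 in any two-hour window, so only the burst pair is reported.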
All Galaxy users should install the May 2020 security update as soon as their phones receive it in order to stay protected. The May 2020 security patch has already been released to the Galaxy S20 series, Galaxy Z Flip, Galaxy Fold, Galaxy Note 10, Galaxy S10, and the Galaxy A50.
Asif is a computer engineer turned technology journalist. He has been using Samsung phones since 2004, and his current smartphone is the Galaxy S21 Ultra. He loves headphones, mechanical keyboards, and PC hardware. When not writing about technology, he likes watching crime and science fiction movies and TV shows.