Samsung’s own apps could have let hackers inside your Galaxy phone

Phone
By 

Last updated: June 15th, 2021 at 09:31 UTC+01:00

Samsung Galaxy phones come with a variety of native apps and it places a considerable responsibility on the company’s shoulders to ensure that they’re secure. Even though Samsung’s track record when it comes to security has been better than most, this is still easier said than done.

A security researcher has found serious flaws in the security of some of Samsung’s native apps. If exploited, the flaws would have enabled hackers to spy on you. These vulnerabilities are part of a large set that has been responsibly reported to Samsung.

Samsung has patched the vulnerabilities through recent updates

Oversecured’s founder Sergey Toshin has discovered over a dozen vulnerabilities in Samsung’s apps. Many have already been patched by Samsung through its recent monthly security updates. He did point out that these vulnerabilities could have led to a GDPR violation. This means that had a large-scale exposure occurred, Samsung would possibility on the hook for some significant damages in the EU.

For example, a vulnerability in the Samsung DeX System UI would have enabled a hacker to steal data from user notifications. That may have included chat descriptions for Telegram and WhatsApp in addition to information from notifications for apps like Google Docs, Samsung Email, Gmail and more. The hacker could even have created a backup on the SD card.

Another vulnerability in Secure Folder could enable an attacker to intercept the large set of rights that this secure file storage app has. They would first need to receive the intent sent by them in order to intercept the rights, for example, to read and write contacts in Secure Folder.

Toshin hasn’t revealed details about some vulnerabilities due to the high risk they still pose to users. The least severe of these vulnerabilities can enable hackers to steal SMS messages from a device. The other two are even more serious as they would allow an attacker to read and write arbitrary files with elevated permissions.

“There have been no known reported issues globally and users should be assured that their sensitive information was not at risk. We addressed the potential vulnerability by developing and issuing security patches via software update in April and May 2021 as soon as we identified this issue,” Samsung said in a statement.

These disclosures only underscore the responsibility that we as users have to ensure that our devices are always running the latest firmware. If you haven’t updated your phone yet, go ahead and download the latest update through our firmware section. You can also use our new tool to find out just how secure your Galaxy device is.

Source Phone
Load comments