In the latest developments, Samsung has been found with numerous security flaws in their pre-installed apps that could compromise private user data.
Security vulnerabilities in Samsung:
Security experts are of the opinion that the security holes found in these Samsung pre-installed apps could permit malicious actors to get access personal data without the user’s consent and gain control of the victim’s device.
The strike of these Samsung security vulnerabilities can allow malicious actors to access and modify the victim’s phone contacts, calls, messages, install arbitrary apps with device administrator rights, or read and write arbitrary files on behalf of a system user that could change the device’s settings.
The effect of these security vulnerabilities can also lead to the exploitation to install arbitrary third-party apps, grant the device admin privileges to delete other installed applications or steal sensitive files, read or write arbitrary files as a system user, and even execute privileged actions.
Security expert Sergey Toshin, founder of mobile security startup Oversecured has detected and reported the flaws to Samsung back in February 2021.\
List of bugs:
Subsequently, patches were issued by the manufacturer as part of its monthly security updates for April and May. The list of the seven vulnerabilities is as follows –
- CVE-2021-25356 – Third-party authentication bypass in Managed Provisioning
- CVE-2021-25388 – Arbitrary app installation vulnerability in Knox Core
- CVE-2021-25390 – Intent redirection in PhotoTable
- CVE-2021-25391 – Intent redirection in Secure Folder
- CVE-2021-25392 – Possible to access notification policy file of DeX
- CVE-2021-25393 – Possible to read/write access to arbitrary files as a system user (affects the Settings app)
- CVE-2021-25397 – Arbitrary file write in TelephonyUI
The PoC i.e proof-of-concept of the Samsung vulnerabilities provides that Oversecured was able to influence the intent redirection bugs in PhotoTable and Secure Folder to hijack the apps’ permissions to access the SD card and read contacts stored in the phone.
Subsequently, by exploiting CVE-2021-25397 and CVE-2021-25392, an attacker could overwrite the file storing SMS/MMS messages with malicious content and steal data from user notifications.