A commercial surveillance provider exploited three zero-day vulnerabilities in recent Samsung Galaxy phones, according to a blog post from Google Project Zero (via TechCrunch). Corporations in this category may be telecoms or IT companies that are keeping tabs on their clients in order to deliver targeted ads based on their individual profiles. Or it may be something far darker (more on this below).
These Flaws Affected Some Samsung Galaxy Phones Equipped With the Company’s Own Exynos Processors
Such businesses “collect, aggregate, analyze, retain, transfer, or monetize consumer data and the direct derivatives of that information,” as defined by the Federal Trade Commission. The FTC is gathering evidence to establish that such practices cause emotional distress, reputational injury, and intrusive, unwelcome surveillance of customers.
In this case, though, the situation may be direr. Google didn’t specify which commercial surveillance provider was behind the exploit, but it did remark that the method was similar to an earlier attack that delivered “strong nation-state malware” via a rogue Android app.
Samsung’s proprietary software included flaws that, when chained with others, would give an attacker access to the phone’s kernel and, potentially, to sensitive information.
The vulnerable devices include Samsung Galaxy phones running kernel version 4.14.113 on an Exynos system-on-a-chip (SoC). The Samsung Galaxy S10, Galaxy A50, and Galaxy A51 are examples of affected models.
The Qualcomm Snapdragon chipset is used in models of those phones sold in the United States and China; the Exynos SoC is used in models sold in most other regions, including Europe and Africa. According to Google, the vulnerability “relies on both the Mali GPU driver and the DPU driver, which are unique to the Exynos Samsung phones.”
The attack required the user to be tricked into sideloading an app. When talking about Android apps, “sideloading” refers to installing them from a source other than the official Google Play Store.
While Samsung did issue a fix for these issues in March 2021, after receiving a tip from Google, the company made no mention of the fact that they were being actively exploited.
Google Project Zero researcher Maddie Stone states, “The research of this exploit chain has given us fresh and critical insights into how attackers are targeting Android devices.”
Stone also noted that additional investigation might reveal more vulnerabilities in the bespoke software that phone makers like Samsung ship on their Android devices. Stone elaborated, “It shows there’s a need for greater study into components that are unique to certain manufacturers.” The chain also points to where more variant analysis is required.
Look for Warning Signs in the App’s Reviews on the Play Store or a Third-party Android App Store
With this new commitment, Samsung will join Apple and Google in providing transparency whenever one of its vulnerabilities is being actively exploited. Users of Apple and Google products are already notified when this happens.
In June, we informed you about a piece of malware known as Hermit that has been deployed by governments to attack citizens in Italy and Kazakhstan.
Hermit targeted the three Exynos-powered Samsung Galaxy phones mentioned above and required the user to sideload a malicious program. The malware was designed to steal the victim’s personal information from their mobile device.
Before installing an app from an unknown developer, a quick and dirty rule that may still work today is to read through the reviews. When warning signs appear, uninstall the program promptly and forget about it.
The best advice is to avoid sideloading apps as much as possible. While malware-laden apps do sometimes slip past Google Play’s security checks, you are still less likely to be “infected” if you stick to downloading apps from the Play Store.