Google says a surveillance vendor was found targeting Samsung and other Android phones with zero-days

Google says that a commercial surveillance vendor was exploiting three zero-day security vulnerabilities starting with the newer Samsung smartphones.
Sentence A
Sentence B: The phrase in sentence A that is not capitalized is perfectly fine, but sentence B rewrites it in a way where the word “Tuesday” is capitalized.

After discovering the vulnerabilities in Samsung‘s custom built firmware, it was possible to use them as part of an exploit chain. An attacker would then be able to gain kernel read and write privileges as the root user, and expossed a device’s data.

It turns out that the recent spate of Samsung phones among targeted citizens is being spied on by a kernel exploit chain. The exploit chain targets Samsung phones with Exynos chips installed and running specific kernel versions. It’s likely that the targets are located in Europe, the Middle East, and Africa, which is where these devices can be purchased.

Employees with older Samsung phones running the said kernel at the time of distribution include owners of the S10, A50 and A51 series of phones.

A vulnerability has been discovered in Google’s Android operating system that was exploited by a malicious app that may have been downloaded outside of the Google Play Store. The malicious app allows the attacker to escape the app sandbox designed to contain its activity and access the rest of the device’s operating system. It isn’t known exactly what the final payload was, even if three major vulnerabilities were found; two were patched, one remains open at this time.

“The first vulnerability in this chain, the arbitrary file read and write, was the foundation of this chain, used four different times and used at least once in each step,” wrote Stone. “The Java components in Android devices aren’t often considered the ideal target for security researchers despite the fact that they run at such a privileged level,” said Stone.

Google declined to name the commercial surveillance vendor, but said in a statement the abuse of new devices closely mirrors the recent Android app exploit pattern.

There’s nothing better than spending the day capturing moments in photos and videos. However, there are those occasions where you might want more control over what gets captured. That’s why Hermit captures audio, address book information, contacts, and sometimes even location data, making it difficult to uncover until too late, with no way of reversing any wrongs done by the app. Google is now warning users who downloaded this backdoor that their apps may have been compromised as a result of its release last year.

Google reported the three vulnerabilities to Samsung in late 2020. They rolled out patches for affected phones in March 2021, but did not disclose that they were being actively exploited. Stone said that Samsung committed to begin disclosing when vulnerabilities are under attack following Apple and Google’s policies.

Android has many custom systems, which is why it’s so interesting that these exploits can be found there. These types of attacks could be used to affect safety or security on a device by exploiting a weakness in the software development process. This can lead to the theft or misuse of personal data, confidential communications or other highly sensitive information.

“It’s a wake-up call,” said Stone. “We need more research into manufacturer specific components, it’s showing where we should do further variant analysis.”

Recent Articles

Related Stories

Stay on op - Ge the daily news in your inbox