Google says it has found evidence that a surveillance service provider was exploiting three zero-day security vulnerabilities in new Samsung phones. These vulnerabilities apparently allow an attacker to gain read and write privileges in the kernel and to access device data.
Google Project Zero security researcher Maddy Stone announced in a post that these vulnerabilities, found in Samsung's custom software, were used together in cyber attacks targeting the company's Android phones. The attacks apparently work on devices that have an Exynos chip and run a specific kernel version.
Which Samsung phones have been identified with this vulnerability?
Samsung phones are usually sold in Europe, the Middle East and Africa with Exynos chips. Stone says the products identified so far as using this flawed kernel are the Galaxy S10, Galaxy A50 and A51. Of course, to exploit these vulnerabilities, the user must first install a malicious app on their device.
This application allows the attacker to access the operating system. Stone says only one component of the app has been obtained so far, so the final payload used to infect users' phones is not known:
“The first vulnerability in this chain, which is reading and writing files by contract, is considered the most important part of the chain. This vulnerability is used four times and at least once in each step. The Java section of Android devices is not the best target for security researchers, although it has a high level of access.”
Google did not name the group that used these vulnerabilities, but said that the exploitation follows a pattern similar to spyware attacks, which are usually carried out by government-sponsored groups. Stone also announced that this analysis and review yielded important information about the way Android devices are targeted, and now considers it necessary to do more research on the software belonging to the manufacturers of Android products.