Google Claims Samsung Phones Were Targeted in Surveillance by a Vendor
Google claims it has evidence that a commercial surveillance vendor exploited three zero-day security flaws in Samsung smartphones.
These vulnerabilities were discovered in Samsung’s customized software and were used together as part of an exploit chain to attack Samsung phones running Android. Chained together, they allow an attacker to gain kernel read and write privileges as the root user and expose the device’s data.
Maddie Stone, a Google Project Zero security researcher, stated in a post that the exploit chain targets Samsung smartphones with an Exynos chip running a particular kernel version. Exynos chips are used in Samsung phones sold primarily in Europe, the Middle East and Africa.
Stone stated that Samsung phones running the affected kernel at the time include the Samsung S10 and A50.
The flaws, which have since been fixed, were exploited by a malicious Android application. The user might have been tricked into downloading the malicious app from outside the app store. The exploit lets the attacker escape the app sandbox, which is designed to limit the app's activities, and access the entire operating system. Stone stated that only a small part of the exploit app was obtained, so it is not known what the final payload would be, although the three vulnerabilities were a prerequisite for it.
Stone wrote that the arbitrary file read and write vulnerability was the first in the chain. It was used four times and used at most once in each step. Stone stated that the Java components of Android devices are not often the most sought-after targets for security researchers, despite running at such a high privilege level.