Samsung has fixed two security flaws in the Galaxy Store, the official app store for the brand’s cell phones. The loopholes, discovered in December, allowed an attacker with local access to the device to install software on the device without user authorization, which could lead to contamination with malware and redirection to fraudulent pages on the internet.
- 6 apps to check what’s wrong with your phone
- New Android virus lets criminals use your phone remotely
The fix came on January 1st for the CVE-2023-21433 and CVE-2023-21434 vulnerabilities, with proof of concept just released by digital security company NCC. The first gap was in access control, allowing the effective installation of applications, while the second allowed the execution of JavaScript codes, due to validation problems, which made it possible to generate commands that led to exploitation.
In the sum of the two loopholes, a situation was generated in which arbitrary installation orders could be given to cell phones — in the proof of concept, researchers from the NCC Group used the vulnerability to install the Pokémon GO game. It, in itself, poses no risk, but the same could not be said for malicious uses involving dangerous software available in the Galaxy Store.
–
Canaltech Podcast: from Monday to Friday, you can listen to the main headlines and comments on technological events in Brazil and in the world. Links here: https://canaltech.com.br/360/
–
A second loophole was in the browser built into the marketplace. It even has a filter to limit the domains displayed to the user, but this protection can be easily bypassed to show malicious content, just by the presence of a specific Samsung tag in a domain. From then on, fake pages opened in Chrome or sent by message, for example, are executed in the internal browser and lead to new scams or installation of malware.
Experts point out that local access to a smartphone is not the most desirable thing in a massive malware campaign, but the same cannot be said for targeted scams against executives, politicians and other personalities. Privacy breaches, data theft and misuse of cell phone processing power are among the main results of attacks of this type.
According to the NCC Group, devices running the Android 13 operating system were not susceptible to the first vulnerability, which renders the entire exploit chain useless. However, at the other end, older devices running older versions of the Galaxy Store may not even receive the updates released in early January by Samsung, remaining at risk.
There is no security advice here, other than installing updates for the official marketplace if they are available. Attention to installed apps or erratic device behavior, such as higher-than-normal network and battery consumption, can also be indicators of compromise through the exploit chain revealed now.
Read the article on Canaltech.
Trending on Canaltech:
- World’s oldest art was not made by humans
- It seems that the Earth’s core has stopped rotating. What are the consequences of this?
- Ed Force One | What happened to Iron Maiden’s plane?
- 10 best detective movies to watch on streaming
- How is it diagnosed and how long can loss of smell last in long covid?
- Oscar 2023 | See the nominees for the biggest awards in cinema
