Multiple significant security weaknesses have been discovered in Samsung’s pre-installed Android apps. Recently disclosed flaws might have given cybercriminals access to personal data without the users’ knowledge and allowed them to take control of the devices, according to The Hacker News.
Sergey Toshin, founder of mobile security startup Oversecured, noted in an analysis published Thursday “The impact of these bugs could have allowed an attacker to access and edit the victim’s contacts, calls, SMS/MMS, install arbitrary apps with device administrator rights, or read and write arbitrary files on behalf of a system user which could change the device’s settings”.
Toshin disclosed the vulnerabilities to Samsung in February 2021, and the manufacturer released remedies as part of its monthly security updates for April and May.
The following is a list of the seven vulnerabilities:
- CVE-2021-25356 – Managed Provisioning third-party authentication bypass
- CVE-2021-25388 – Vulnerability in Knox Core for arbitrary app installation
- CVE-2021-25390 – PhotoTable intent redirection
- CVE-2021-25391 – Insecure Folder Intent Redirection
- CVE-2021-25392 – It is possible to gain access to DeX’s notification policy file
- CVE-2021-25393 – As a system user, it is possible to gain read/write access to arbitrary files (affects the Settings app)
- CVE-2021-25397 – TelephonyUI arbitrary file write
Security researchers warn they could be used to install arbitrary third-party apps, grant device administrator privileges to uninstall other installed apps or steal sensitive files, read or write arbitrary files as a system user, and even perform privileged activities.
Oversecured showed in a proof-of-concept demo that it was possible to exploit intent redirection vulnerabilities in PhotoTable and Secure Folder to hijack app permissions to access the SD card and read contacts stored on the phone. Similarly, using CVE-2021-25397 and CVE-2021-25392, an attacker can rewrite the SMS/MMS message file with malicious content and steal data from user notifications.
To eliminate any security threats, Samsung device owners are advised to install the company’s latest firmware upgrades.