Saturday, April 17, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Flaws in Samsung Phones Exposed Android Users to Remote Attacks

August 12, 2020
in Internet Privacy
Flaws in Samsung Phones Exposed Android Users to Remote Attacks
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

New research disclosed a string of severe security vulnerabilities in the ‘Find My Mobile‘—an Android app that comes pre-installed on most Samsung smartphones—that could have allowed remote attackers to track victims’ real-time location, monitor phone calls, and messages, and even delete data stored on the phone.

Portugal-based cybersecurity services provider Char49 revealed its findings on Samsung’s Find My Mobile Android app at the DEF CON conference last week and shared details with the Hacker News.

You might also like

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems

YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs

US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack

“This flaw, after setup, can be easily exploited and with severe implications for the user and with a potentially catastrophic impact: permanent denial of service via phone lock, complete data loss with factory reset (SD card included), serious privacy implication via IMEI and location tracking as well as call and SMS log access,” Char49’s Pedro Umbelino said in technical analysis.

cybersecurity

The flaws, which work on unpatched Samsung Galaxy S7, S8, and S9+ devices, were addressed by Samsung after flagging the exploit as a “high impact vulnerability.”

Samsung’s Find My Mobile service allows owners of Samsung devices to remotely locate or lock their smartphone or tablet, back up data stored on the devices to Samsung Cloud, wipe local data, and block access to Samsung Pay.

According to Char49, there were four different vulnerabilities in the app that could have been exploited by a malicious app installed on the targeted device, thus creating a man-in-the-disk attack to hijack communication from the backend servers and snoop on the victim.

samsung

The flaw stems from the fact the app checks for the presence of a specific file on the device’s SD card (“/mnt/sdcard/fmm.prop”) in order to load a URL (“mg.URL”), thus allowing a rogue app to create this file that can be used by a bad actor to potentially hijack the communications with the server.

“By pointing the MG URL to an attacker-controlled server and forcing the registration, the attacker can get many details about the user: coarse location via the IP address, IMEI, device brand, API level, backup apps, and several other information,” Umbelino said.

To achieve this, a malicious app installed on the device makes use of an exploit chain that leverages two different unprotected broadcast receivers to redirect commands sent to Samsung’s servers from the Find My Mobile app to a different server that’s under the attacker’s control and execute malicious commands.

The malicious server also forwards the request to the legitimate server and retrieves the response, but not before injecting its own commands in the server responses.

In doing so, a successful attack could allow a hacker to track the device’s location, grab call data and text messages for spying, lock the phone for ransom, and erase all data through a factory reset.

Needless to say, the vulnerability is yet another indicator of how an app that’s meant to safeguard users against information loss can be susceptible to a number of flaws that can defeat the app’s purpose.

“The FMM [Find My Mobile] application should not have arbitrary components publicly available and in an exported state,” Umbelino said. “If absolutely necessary, for example if other packages call these components, then they should be protected with proper permissions. Testing code that relies on the existence of files in public places should be eliminated.”


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)

Previous Post

‘Machine learning is pivotal to every line of business, every organisation must have an ML strategy’

Next Post

Google to Microsoft: Nice Windows 10 patch – but it's incomplete

Related Posts

22-Year-Old Charged With Hacking Water System and Endangering Lives
Internet Privacy

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems

April 16, 2021
YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs
Internet Privacy

YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs

April 16, 2021
US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack
Internet Privacy

US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack

April 16, 2021
More Sophisticated, Prevalent and Evolving in 2021
Internet Privacy

More Sophisticated, Prevalent and Evolving in 2021

April 16, 2021
1-Click Hack Found in Popular Desktop Apps — Check If You’re Using Them
Internet Privacy

1-Click Hack Found in Popular Desktop Apps — Check If You’re Using Them

April 15, 2021
Next Post
Google to Microsoft: Nice Windows 10 patch – but it’s incomplete

Google to Microsoft: Nice Windows 10 patch – but it's incomplete

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

ML Scaling Requires Upgraded Data Management Plan
Machine Learning

ML Scaling Requires Upgraded Data Management Plan

April 17, 2021
SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021
Internet Security

SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack

April 17, 2021
Machine learning can be your best bet to transform your career
Machine Learning

Machine learning can be your best bet to transform your career

April 17, 2021
AI and Human Rights, A Story About Equality | by bundleIQ | Mar, 2021
Neural Networks

AI and Human Rights, A Story About Equality | by bundleIQ | Mar, 2021

April 17, 2021
Monitor Your SEO Placement with SEObase
Learn to Code

Monitor Your SEO Placement with SEObase

April 17, 2021
Google Project Zero testing 30-day grace period on bug details to boost user patching
Internet Security

Google Project Zero testing 30-day grace period on bug details to boost user patching

April 17, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • ML Scaling Requires Upgraded Data Management Plan April 17, 2021
  • SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack April 17, 2021
  • Machine learning can be your best bet to transform your career April 17, 2021
  • AI and Human Rights, A Story About Equality | by bundleIQ | Mar, 2021 April 17, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates