Samsung fixed a bug that existed in all its smartphones since 2014, reveals Google researchers
Samsung’s May 2020 software update reportedly fixed a vulnerability in smartphones that allowed hackers to make the most the tool remotely, with out person intervention. This vulnerability was observed in all Samsung telephones that were launched due to the fact 2014, as reported by means of ZDNet. And it was found by Mateusz Jurczyk, a security researcher with Google’s Project Zero team.
The bug was stated to be related to Skia (the Android pictures library) and the way it dealt with the custom Qmage photograph format (.Qmg), some thing that the South Korean tech firm started out supporting on its devices on account that 2014. As in line with Jurczyk, the Qmage trojan horse might be exploited without any consumer interaction. That’s because the Android OS redirects all of the images sent to the device, to Skia library for processing, whch includes growing thumbnails and more, with out bothering the user. So, the researcher advanced a demo that used the vulnerability at the side of Samsung Messages app, which is there in all of the smartphones. This app no longer simply handles the SMS texts however MMS multimedia as well. Jurczyk was able to make the most the trojan horse by way of sending MMS again and again to a Samsung tool. These were sent to discover the Skia library within the Android phone, some thing that is important to skip Android’s ASLR (Address Space Layout Randomization) protection. Once located, the ultimate MMS supplies the Qmage payload on the tool. The researcher even added that the SMS or MMS sent to the person may be configured to attain the handset without any alerts. “I have discovered methods to get MMS messages fully processed with out triggering a notification sound on Android, so fully stealth attacks might be possible,” stated Jurczyk. Also stated what that this bug is not associated with Samsung Messages app handiest and may be on any app that helps Qmage.