Computer security researchers from Google Project Zero have discovered the presence of several unprecedented security vulnerabilities on the Samsung Galaxy S10, A50 and A51. According to the structure, these vulnerabilities were used by a company specialized in surveillance to spy on many users around the world.
While we learned this Friday, November 11 that the Google Pixel can be hacked with a simple SIM card, it is the turn of old Samsung smartphones to be at the center of a new concern. Indeed, computer security researchers have discovered the presence of several Zero-Day flaws within the Galaxy S10, A50 and A51.
According to experts from the Mountain View firm, these vulnerabilities were exploited by a monitoring service provider to spy on users and steal sensitive data. The structure adds that only devices equipped with the Exynos chip are affected. In other words, the victims were located in Europe, the Middle East or Africa.
Also read: Samsung – a security breach affects millions of Galaxy smartphones, install the update quickly
Spyware developed by an Italian company
Google did not reveal the identity of this company, but indicated that the vulnerabilities appear to be part of a chain of infection. Note that the research team only managed to obtain one component of the mining application. In other words, it still doesn’t know what the final payload is. Nevertheless, our colleagues on the site TechCrunch have hypothesized: it could be Hermitan Android and iOS spy software developed by the Italian company specializing in surveillance, RCS Lab.
“The first vulnerability in this chain, reading and writing arbitrary files, was the basis of this chain, and was used at least once in each step”, says Maddie Stone, Google Project Zero security researcher in an official blog post. She continues: “The Java components of Android devices don’t tend to be the most popular targets for security researchers, despite operating at such a privileged level.”
Google specifies that these flaws, which have since been corrected, have been exploited by a malicious Android application, which the user was able to download outside the Play Store. This infected app allowed the attacker to access the rest of the device’s operating system, according to Maddie Stone. Google Project Zero teams reported the three vulnerabilities to Samsung in late 2020and the South Korean manufacturer deployed patches on the affected smartphones in March 2021.