MobileNews

Samsung patches security vulnerability impacting all Galaxy phones sold since 2014

Android gets a lot of flak for security, but most of the time errors can be traced back to changes that were made to the open-source platform. This week, a security vulnerability in every Android phone Samsung has sold since 2014 was patched after being exposed by Google’s Project Zero.

Project Zero is a team within Google that focuses on finding major vulnerabilities in various platforms, and recently, they discovered exactly that with Samsung. On every Android phone Samsung has sold since 2014, a security vulnerability was found that could be exploited with no user interaction or notification that could deliver an attacker’s code to the system.

How does this work? explains that the attack goes after Android’s graphics library — Skia — using .qmg files. Samsung customized the way that its Android smartphones handle this image format specifically, in turn leaving this vulnerability open.

By sending MMS messages to a Samsung device using the Samsung Messages app, Qmage files could exploit Skia and bypass Android’s Address Space Layout Randomization protection. This attack takes multiple MMS messages since it takes time for the file to “guess” where the Skia is located. Once it is found, though, a final message can execute the attacker’s code.

The process generally takes around 100 minutes and between 50 and 300 messages to complete.

Samsung has already fixed this issue for many users, too. The May 2020 security patch that is already rolling out fixes the problem for any affected Galaxy smartphone. The Galaxy S20 and Galaxy S10 series, for example, have already been patched with more devices to follow. To reiterate, it does not affect other Android smartphones.

More on Samsung:


Check out the latest Samsung phones at great prices from Gizmofashion – our recommended retail partner.


Author: Ben Schoon.
Source: 9TO5Google

Related posts
GamingNews

After Sony Kills PS5 Discs and GTA 6 is Just a Code in a Box, Xbox Is Using Halo: Campaign Evolved's Physical Disc as a Selling Point

GamingNews

'A Great Foundation for Our Upcoming Projects in This Universe' — CD Projekt Hails Cyberpunk 2077 as It Hits an Incredible 40 Million Copies Sold

GamingNews

Nintendo Brain Training Professor Explains Why Driving a Manual Transmission Car Is Better for Your Brain Than an Automatic

CryptoNews

Inside the Top 12 Bitcoin Addresses: Who Holds 1.35 Million BTC