Samsung patches security vulnerability impacting all Galaxy phones sold since 2014

Android gets a lot of flak for security, but most of the time errors can be traced back to changes that were made to the open-source platform. This week, a security vulnerability in every Android phone Samsung has sold since 2014 was patched after being exposed by Google’s Project Zero.

Project Zero is a team within Google that focuses on finding major vulnerabilities in various platforms, and recently it discovered exactly that in Samsung's software. Every Android phone Samsung has sold since 2014 carried a security vulnerability that could be exploited with no user interaction or notification to deliver an attacker’s code to the system.

How does this work? The attack goes after Android’s graphics library — Skia — using .qmg files. Samsung customized the way that its Android smartphones handle this image format specifically, in turn leaving this vulnerability open.

By sending MMS messages to a Samsung device using the Samsung Messages app, an attacker could use Qmage files to exploit Skia and bypass Android’s Address Space Layout Randomization (ASLR) protection. The attack takes multiple MMS messages because it takes time to “guess” where the Skia library is located in memory. Once it is found, though, a final message can execute the attacker’s code.

The process generally takes around 100 minutes and between 50 and 300 messages to complete.

Samsung has already fixed this issue for many users, too. The May 2020 security patch that is already rolling out fixes the problem for any affected Galaxy smartphone. The Galaxy S20 and Galaxy S10 series, for example, have already been patched with more devices to follow. To reiterate, it does not affect other Android smartphones.
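For anyone managing a fleet of phones, the patch status described above can be checked from a device inventory. The script below is an added example, not code from Samsung or Project Zero: it flags Samsung devices whose Android security patch level (the value a device reports in `ro.build.version.security_patch`) is older than May 2020 or missing. The CSV column names and the sample rows are constructed for illustration.

```python
import csv
import io
from datetime import date

# Earliest patch level string of the May 2020 Android security bulletin.
FIXED_SPL = date(2020, 5, 1)

# Constructed sample inventory (hypothetical MDM export, not real devices).
SAMPLE_INVENTORY = """device_id,manufacturer,model,security_patch
d-001,samsung,SM-G981B,2020-05-01
d-002,samsung,SM-G973F,2020-03-01
d-003,Google,Pixel 4,2020-02-05
d-004,SAMSUNG,SM-J330F,
d-005,samsung,SM-A505F,2020-04-05
"""


def parse_spl(value):
    """Return the patch level as a date, or None if missing or malformed."""
    try:
        return date.fromisoformat(value.strip())
    except (ValueError, AttributeError):
        return None


def audit(inventory_csv, fixed_spl=FIXED_SPL):
    """Return (device_id, reason) for Samsung devices not confirmed patched."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["manufacturer"].strip().lower() != "samsung":
            continue  # the article states other Android phones are unaffected
        spl = parse_spl(row["security_patch"])
        if spl is None:
            # Treat an unknown patch level as unpatched until proven otherwise.
            findings.append((row["device_id"], "patch level unknown"))
        elif spl < fixed_spl:
            findings.append((row["device_id"], f"patch level {spl} predates May 2020"))
    return findings


if __name__ == "__main__":
    for device_id, reason in audit(SAMPLE_INVENTORY):
        print(f"{device_id}: {reason}")
```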


Author: Ben Schoon.
Source: 9TO5Google
