
Samsung Quietly Fixes Critical Galaxy Flaws Allowing Spying, Data Wiping
2020-08-11 14:48

Four critical-severity flaws were recently disclosed in the Find My Mobile feature of Samsung Galaxy smartphones. If exploited, they could allow attackers to force a factory reset on the phones or spy on users.

Researchers have disclosed a slew of critical-severity, patched flaws in flagship Samsung smartphones - including the Galaxy S7, S8 and S9 models.

Researchers with Char49, who discovered the four glitches, said that if a bad actor convinced a target to download a malicious application onto their device, the flaws could have been chained together to launch various insidious attacks.

Describing what a real-life attack could mean, researchers with Char49 said in an analysis of the flaws [PDF]: "When attacked, the device can be spied on or, in the worst-case scenario, wiped clean of all its data, without the victim even perceiving what was happening, exposing the victim to situations of blackmail and extortion."

The researchers devised an attack that could chain these four flaws together.


News URL

https://threatpost.com/samsung-quietly-fixed-critical-galaxy-flaws-allowing-spying-data-wiping/158241/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Samsung 1618 128 354 396 74 952