Security News
On the second day of Pwn2Own Ireland 2024, competing white hat hackers showcased an impressive 51 zero-day vulnerabilities, earning a total of $358,625 in cash prizes. [...]
Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenarios. [...]
After first announcing onboard AI in January, Samsung expanded what it's calling the Galaxy AI ecosystem on July 10 at the Galaxy Unpacked event in Paris. Samsung's two newest phones are the Galaxy Z Fold6 and Galaxy Z Flip6, both of which use Google's Gemini AI for translation, creative features and cosmetic changes.
Samsung has unveiled a new security feature called 'Auto Blocker' as part of the One UI 6 update, offering enhanced malware protection on Galaxy devices. Auto Blocker is an opt-in security feature that prevents the side-loading of risky apps downloaded from outside the Galaxy Store and Google Play.
Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance systems, and NAS devices from Canon, Synology, Sonos, TP-Link, QNAP, Wyze, Lexmark, and HP. Interrupt Labs security researchers were the first to demo a Samsung Galaxy S23 zero-day in an improper input validation attack, while the ToChim team exploited a permissive list of allowed inputs to hack Samsun's flagship.
Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. Pentest Limited was the first to demo a zero-day on Samsung's flagship Galaxy S23 device by exploiting improper input validation weakness to gain code execution, earning $50,000 and 5 Master of Pwn points.
ESET researchers have identified two active campaigns targeting Android users, where the threat actors behind the tools for Telegram and Signal are attributed to the China-aligned APT group GREF. Most likely active since July 2020 and since July 2022, respectively for each malicious app, the campaigns have distributed the Android BadBazaar espionage code through the Google Play store, Samsung Galaxy Store, and dedicated websites posing as legitimate encrypted chat applications - the malicious apps are FlyGram and Signal Plus Messenger. Threat actors exploit fake Signal and Telegram apps.
Samsung has developed a new security system called Samsung Message Guard to help Galaxy smartphone users keep safe from the so-called "Zero-click" exploits that use malicious image files. Typically, attacks relying on zero-click exploits involve sending the target a message or file with malicious code to trigger a vulnerability on the device that gives the attacker access without the victim even opening the message or file.
Samsung classified the bugs as moderate risk and released fixes in version 4.5.49.8 shipped earlier this month. Samsung Galaxy Store, previously known as Samsung Apps and Galaxy Apps, is a dedicated app store used for Android devices manufactured by Samsung.
Two vulnerabilities in the Galaxy App Store, Samsung's official repository for its devices, could enable attackers to install any app in the Galaxy Store without the user's knowledge or to direct victims to a malicious web location. The Korean smartphone maker announced on January 1, 2023 that it fixed the two flaws and released a new version for Galaxy App Store.