A vulnerability affecting all Samsung phones sold since 2014


Samsung this week released a security update to fix a serious vulnerability affecting all of its smartphones sold since 2014. The flaw lies in how Samsung devices handle the Qmage image format, which the South Korean giant has supported on all of its phones sold since late 2014.

Mateusz Jurczyk, a security researcher on Google's Project Zero team, found a way to exploit how the Android graphics library Skia, as shipped on Samsung devices, handles Qmage images sent to the device. The flaw can be exploited without the user's knowledge and without any interaction with the device (a so-called zero-click attack).

Samsung has acknowledged the issue, and its May security update contains the fix, but it is not certain whether the fix will reach all affected devices.

According to Jurczyk, as soon as a Samsung user receives an image file through the Samsung Messages application, Android hands the image to the Skia library for processing (for example, to produce a thumbnail preview) without the user doing anything. A malformed Qmage file can therefore trigger the bug in Skia's Qmage decoder before the user ever opens the message, and the proof of concept also uses repeated malformed Qmage files to discover where the Skia library sits in the phone's memory.

To demonstrate the concept, the researcher developed an exploit against the Samsung Messages application, which Samsung pre-installs on all of its devices and which handles SMS and MMS messages. Jurczyk said he exploited the bug by sending a series of MMS messages to the Samsung device.

Each message attempts to guess the position of the Skia library in the phone's memory, a step needed to bypass Android's address space layout randomization (ASLR) protection. Once the location of Skia has been found, the researcher explains, a final MMS message bypasses the protection and executes the attacker's code on the device.

The attack typically needs between 50 and 300 MMS messages to locate Skia and bypass ASLR, and the whole process of finding the library takes about 100 minutes.
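The burst of MMS messages the attack relies on is itself a detectable pattern. The following Python script is an added example, not code from the article or from Project Zero: it scans a constructed log of received MMS (one line per message, timestamp and sender, an assumed format) and flags any sender that delivers 20 or more messages to the same device within a two-hour window. The threshold and window are assumptions chosen well below the 50 to 300 messages the exploit needs, so that on the constructed sample an alert fires after about half an hour, long before the roughly 100 minutes the exploit takes.

```python
"""
Added example (not from the original article or from Project Zero): flag a
sender delivering an unusual burst of MMS messages to one device, the pattern
the article describes (50-300 MMS over roughly 100 minutes). The log format,
threshold and window are assumptions; the log lines are constructed, not real.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed sample log: a benign contact sending three MMS over a day,
    and an attacker-style sender delivering 60 MMS at 90-second intervals
    (about 90 minutes, inside the article's 50-300 messages / ~100 min range).
    Format assumed for the example: "<ISO timestamp> <sender>" per line."""
    start = datetime(2020, 5, 6, 9, 0, 0)
    lines = [f"{(start + timedelta(hours=h)).isoformat()} +15550001234"
             for h in (1, 6, 14)]
    lines += [f"{(start + timedelta(seconds=90 * i)).isoformat()} +15550009999"
              for i in range(60)]
    return lines


def parse_log(lines):
    """Parse log lines into (timestamp, sender) tuples sorted by time."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, sender = line.split()
        events.append((datetime.fromisoformat(ts), sender))
    events.sort()
    return events


def find_mms_bursts(events, threshold=20, window=timedelta(minutes=120)):
    """Sliding-window count per sender.

    Returns {sender: (count, first_ts, last_ts)} for every sender whose
    message count within any `window` reaches `threshold`; the recorded
    tuple is the state at the moment the threshold was first crossed, i.e.
    the earliest point at which an alert could have been raised.
    """
    recent = defaultdict(deque)   # sender -> timestamps inside the window
    alerts = {}
    for ts, sender in events:
        q = recent[sender]
        q.append(ts)
        # Drop timestamps that have fallen out of the window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and sender not in alerts:
            alerts[sender] = (len(q), q[0], ts)
    return alerts


if __name__ == "__main__":
    for sender, (count, first, last) in find_mms_bursts(parse_log(build_sample_log())).items():
        minutes = (last - first).total_seconds() / 60
        print(f"ALERT {sender}: {count} MMS in {minutes:.1f} min "
              f"({first.isoformat()} .. {last.isoformat()})")
```

On the constructed sample the benign contact never accumulates more than one message inside the window, while the attacker-style sender crosses the threshold on its 20th message, 28.5 minutes into the burst. A real deployment would feed this from the carrier's MMSC or the device's message database rather than a text file, and would tune the threshold to observed legitimate traffic.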

The researcher explained that the attack can be tuned so that it runs without alerting the user: “I found ways to handle MMS messages completely without triggering the alert sound on the Android system, so it may be possible to launch completely hidden attacks.”

Although the researcher has not tested exploitation of the Qmage bug through channels other than MMS and the Samsung Messages application, exploitation is theoretically possible against any application on a Samsung phone that can receive Qmage images.

The researcher discovered the vulnerability in February and reported it to Samsung, which fixed it in its May 2020 security updates.

Android smartphones made by other manufacturers do not appear to be affected, since Samsung is the only company that has modified the Android operating system to support the Qmage image format, developed by the South Korean company Quramsoft.

The Arab Technical News Portal

