South Asian tech giant ‘Samsung’ is not safe from hackers anymore. Attackers may gain access to users’ data without their knowledge, control their phones, or exploit their personal information without any authorization or permission. What’s more concerning is that these flaws appear to be part of a far larger group of exploitable ones. The problems were reported to Samsung’s bug bounty program by one of the company’s security experts.
These flaws came to light when Sergey Toshin, founder of a mobile security startup Oversecured, pointed them out in an analysis. He spent two weeks investigating security flaws in these apps and uncovered seven potentially serious vulnerabilities during this time. These weaknesses may have led to serious privacy violations, with hackers gaining access to sensitive conversations on users’ devices.
He also stated that these issues might have enabled an attacker to view and modify the victim’s contacts, calls and SMS/MMS messages, to install arbitrary programs with device administrator permissions, and to read and write arbitrary files as the system user, which might have changed the device’s settings.
Toshin disclosed the vulnerabilities to Samsung in February 2021. The record of the seven vulnerabilities is as follows:
Sergey Toshin has earned quite a sum of money from Samsung so far. First, Toshin received an enormous bounty ($5,460) for informing Samsung about a bug (CVE-2021-25393) in the Settings app that allowed acquiring read/write access to arbitrary folders with system user rights. Second, the third most expensive ($4,850) vulnerability in this February batch allowed uncontrolled file writing as the Telephony user, which has access to call records and SMS/MMS messages.
Toshin has reported over 550 vulnerabilities in his career, earning more than $1 million in bug bounties through the HackerOne platform and various bug bounty programs. He made roughly $30,000 this year alone after disclosing 14 problems to Samsung.
In May, Samsung corrected the majority of these issues. Toshin, on the other hand, informed BleepingComputer that Samsung also fixed another set of seven problems that he reported through the company’s bug bounty program.
Samsung has yet to announce when the remaining flaws will be corrected, because the whole procedure might take up to two months. The organization must still conduct several rounds of patch testing to verify that the fixes do not create more issues.
To reduce these security risks, Samsung device owners are advised to install the most recent firmware updates from the vendor.
Rogue Logics provides in-depth security services for the assessment and protection of your application, data, and infrastructure against potential threats on-prem or in the cloud.
Want a consultation with the professionals at Rogue Logics? Contact us and get a free quote.