
Google Says Evidence Shows Commercial Surveillance Vendor Was Exploiting Security Vulnerabilities in Samsung Phones


Google claims that it has evidence that a commercial surveillance vendor was exploiting three zero-day security vulnerabilities in newer Samsung smartphones. The vulnerabilities were in Samsung’s custom-built software.

According to TechCrunch, the vulnerabilities, which allowed an attacker to gain kernel read and write privileges as the root user and expose device data, were used together as part of an exploit chain to target Samsung phones running Android.

Google Project Zero security researcher Maddie Stone stated the following in a blog post:

“The three vulnerabilities discussed in this blog were all fixed in Samsung’s March 2021 release. They were fixed as CVE-2021-25337, CVE-2021-25369, CVE-2021-25370. To ensure your Samsung device is up-to-date, under settings you can check that your device is running SMR Mar-2021 or later.

As defenders, in-the-wild exploit samples give us important insight into what attackers are really doing. We get the “ground truth” data about the vulnerabilities and exploit techniques they’re using, which then informs our further research and guidance to security teams on what could have the biggest impact or return on investment. To do this, we need to know that the vulnerabilities and exploit samples were found in-the-wild. Over the past few years there’s been tremendous progress in vendors transparently disclosing when a vulnerability is known to be exploited in-the-wild: Adobe, Android, Apple, ARM, Chrome, Microsoft, Mozilla, and others are sharing this information via their security release notes.

While we understand that Samsung has yet to annotate any vulnerabilities as in-the-wild, going forward, Samsung has committed to publicly sharing when vulnerabilities may be under limited, targeted exploitation, as part of their release notes.

We hope that, like Samsung, others will join their industry peers in disclosing when there is evidence to suggest that a vulnerability is being exploited in-the-wild in one of their products.”
