Samsung phones are being targeted by some seriously shady zero-days

(Image credit: Iaremenko Sergii / Shutterstock)

Three Samsung smartphone models have been found carrying vulnerabilities that were allegedly abused by a commercial surveillance vendor to spy on people and probably steal their sensitive data.

Researchers from Google's Project Zero security team said that the Samsung S10, A50, and A51 models were affected, and that only devices powered by Samsung's home-made Exynos chip were vulnerable, meaning the targets (as well as the attackers) were located in Europe, the Middle East, or Africa. 

Google has not named the vendor, but it did say that the vulnerabilities appear to be part of an infection chain. The research team only managed to get a component of the exploit app, meaning it’s still in the dark about the final payload.

Nation-states' spyware

“The first vulnerability in this chain, the arbitrary file read and write, was the foundation of this chain, used four different times and used at least once in each step,” Google Project Zero security researcher Maddie Stone wrote in a blog post outlining the threat. 

“The Java components in Android devices don’t tend to be the most popular targets for security researchers despite it running at such a privileged level,” she added.

Google also said that the exploitation works in a fashion similar to one we’ve seen earlier, when a nation-state attacker targeted individuals with powerful spyware. 

This could be referring to Hermit, an Android and iOS spyware that was developed by RCS Lab, an Italian surveillance firm. Back then, Hermit was allegedly targeting people in Italy and Kazakhstan.

Every now and then, a commercial firm gets borderline criminal with its surveillance, spyware-like software. One such example is NSO Group Technologies, an Israeli technology firm primarily known for Pegasus, its proprietary spyware capable of remote zero-click smartphone surveillance. Pegasus has landed NSO Group in the media spotlight more than once, most notably in November 2021, when the US Government banned any trade with the firm.

Via: TechCrunch

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.