
Samsung Patches a Critical Zero-Click Vulnerability That Has Been Exposed Since 2014

by Abeerah Hashim

Samsung has recently addressed a critical security bug that has affected its phones for the past six years. According to the details, Samsung phones had a critical zero-click vulnerability that allowed stealthy attacks.

Samsung Zero-Click Vulnerability

Reportedly, almost all Samsung phones launched since 2014 have a critical zero-click vulnerability. This bug could allow remote code execution on the target phones.

Mateusz Jurczyk of Google Project Zero discovered the flaw earlier this year. Explaining his findings in a bug report, Jurczyk noted that the bug lay in how the Android OS on Samsung phones handled the Qmage image format (.qmg).

The Android OS on these phones internally uses the Skia library to process most image formats, and Skia processes images without any user interaction. Hence, a malicious incoming image may allow an attacker to gain access to the device.

The researcher elaborated on how a malicious image sent to a Samsung device could be processed by the Samsung Messages app (which handles all SMS and MMS) without user interaction. As he stated:

In my testing, the default Samsung Messages app processes the contents of incoming MMS messages without any user interaction, and I expect that other similar attack vectors exist. Given its exposure and the fact that it is written in C++, Skia and its image-related components constitute remotely accessible interactionless attack surface on Android, potentially prone to memory safety issues.

He also demonstrated the exploit in a video.

Patch Released – Update Your Phones!

Samsung recently released patches for this bug in its latest updates. Tracking the flaw as SVE-2020-16747, the company states in its advisory:

A possible memory overwrite vulnerability in Quram qmg library allows possible remote arbitrary code execution.
The patch adds the proper validation to prevent memory overwrite.
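
As an added illustration (not the Quram library's code, and not the actual Qmage bug, whose internals the report above does not describe): the advisory's phrase "adds the proper validation to prevent memory overwrite" names a common decoder defect, a size taken from the file header and trusted when pixel data is copied. The constructed toy format below has a 4-byte header (width, height, little-endian payload length) followed by raw pixels; it shows an unchecked decoder beside one that validates every header-derived size against the real input and destination sizes before copying. The format, all function names and the sample byte strings are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy image format (not Qmage): 4-byte header, then raw pixels.
 * header[0] = width, header[1] = height, header[2..3] = payload length (LE). */
#define HEADER_LEN 4
#define MAX_PIXELS 64   /* capacity of the fixed decode buffer used below */

typedef struct {
    uint8_t width;
    uint8_t height;
    uint16_t payload_len;
    const uint8_t *payload;
} toy_image_t;

/* Read the header fields; only checks that the header itself is present. */
static bool parse_header(const uint8_t *buf, size_t len, toy_image_t *out)
{
    if (buf == NULL || len < HEADER_LEN)
        return false;
    out->width = buf[0];
    out->height = buf[1];
    out->payload_len = (uint16_t)(buf[2] | ((uint16_t)buf[3] << 8));
    out->payload = buf + HEADER_LEN;
    return true;
}

/* "Before": copies whatever length the attacker-controlled header declares.
 * A header claiming more bytes than `pixels` holds writes past the buffer;
 * one claiming more than the file contains reads past the input. */
int decode_unchecked(const uint8_t *buf, size_t len, uint8_t *pixels)
{
    toy_image_t img;
    if (!parse_header(buf, len, &img))
        return -1;
    memcpy(pixels, img.payload, img.payload_len);   /* no bounds check at all */
    return (int)img.payload_len;
}

/* "After": every header-derived size is validated against the real sizes of
 * both the input and the destination before any copy happens. */
int decode_checked(const uint8_t *buf, size_t len, uint8_t *pixels, size_t pixels_cap)
{
    toy_image_t img;
    if (!parse_header(buf, len, &img))
        return -1;                                  /* header missing */
    size_t expected = (size_t)img.width * img.height;
    if (expected == 0 || expected > pixels_cap)
        return -2;                                  /* dimensions exceed destination */
    if (img.payload_len != expected)
        return -3;                                  /* header fields inconsistent */
    if (img.payload_len > len - HEADER_LEN)
        return -4;                                  /* payload truncated in input */
    memcpy(pixels, img.payload, img.payload_len);
    return (int)img.payload_len;
}

/* Constructed sample files. */
static const uint8_t SAMPLE_OK[]        = {2, 2, 4, 0, 0xAA, 0xBB, 0xCC, 0xDD}; /* 2x2, 4 bytes */
static const uint8_t SAMPLE_OVERSIZED[] = {255, 255, 200, 0, 0x01, 0x02};       /* dims > buffer */
static const uint8_t SAMPLE_TRUNCATED[] = {2, 2, 4, 0, 0xAA};                    /* 1 of 4 bytes */

int check_benign(void)
{
    uint8_t pixels[MAX_PIXELS] = {0};
    return decode_checked(SAMPLE_OK, sizeof SAMPLE_OK, pixels, sizeof pixels);
}

int check_benign_last_pixel(void)
{
    uint8_t pixels[MAX_PIXELS] = {0};
    decode_checked(SAMPLE_OK, sizeof SAMPLE_OK, pixels, sizeof pixels);
    return pixels[3];
}

int check_oversized(void)
{
    uint8_t pixels[MAX_PIXELS] = {0};
    return decode_checked(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED, pixels, sizeof pixels);
}

int check_truncated(void)
{
    uint8_t pixels[MAX_PIXELS] = {0};
    return decode_checked(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, pixels, sizeof pixels);
}

/* The unchecked decoder behaves identically on well-formed input, which is
 * why such defects survive normal testing; it is never fed the bad samples. */
int unchecked_on_benign(void)
{
    uint8_t pixels[MAX_PIXELS] = {0};
    return decode_unchecked(SAMPLE_OK, sizeof SAMPLE_OK, pixels);
}

int main(void)
{
    printf("benign: %d  oversized: %d  truncated: %d\n",
           check_benign(), check_oversized(), check_truncated());
    return 0;
}
```

The hardened decoder rejects the oversized header (dimensions larger than the destination) and the truncated file (declared payload longer than the input), while accepting the well-formed sample; the only structural difference from the unchecked version is that the sizes are compared with the real buffer lengths before `memcpy` runs.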

This issue specifically affected Samsung devices, since the vendor started supporting the .qmg format in 2014. Other smartphones remained unaffected by this bug.

Since the updates are out and the exploit is also available, all Samsung phone users should make sure they install the updates.
