The “Project Zero” team, working to find zero-day vulnerabilities of the US-based technology giant Google, made an important statement about Samsung phones. According to the engineers’ statement, Samsung has been exposed to very serious security vulnerabilities in the past years.
According to the research done by the Project Zero team, there are 3 important security vulnerabilities in Samsung phones, these vulnerabilities were used in a chain manner. By taking advantage of this vulnerability, hackers were able to first take control of the phones, then leak all the data on the phone and even act on behalf of the user.
3 popular models with Exynos processor were affected by security vulnerabilities!
When we look at the report, we see that these vulnerabilities can be exploited in models with Exynos processors. Moreover, the most popular Samsung phones such as Samsung Galaxy S10, Samsung Galaxy A50 and Samsung Galaxy A51 were affected by this vulnerability.
Hackers used the usual method!
The statement made by Google engineers shows that vulnerabilities targeting Samsung phones with Exynos processors are used through APK files. The hacker, who managed to develop a malicious software and have it installed on the phone with the help of an external source, then had the opportunity to capture all the information on the phone. Experts say that these vulnerabilities are exploited similarly to the Hermit malware, which was detected a few months ago.
They were closed in March 2021 but…
Google’s blog post states that the vulnerabilities were reported to Samsung in late 2020. Samsung also closed these vulnerabilities in security updates released in March 2021. The codes for the vulnerabilities were announced as CVE-2021-25337, CVE-2021-25369, CVE-2021-25370. However, there is an important mystery here. It is unknown how many users the vulnerability affects.
43400
