Three Samsung smartphone models have been found to contain vulnerabilities allegedly exploited by a commercial surveillance vendor to spy on people and possibly steal their sensitive data.
Researchers from Google’s Project Zero security team said that the Samsung Galaxy S10, Galaxy A50 and Galaxy A51 models are affected by this vulnerability and that only devices powered by Samsung’s in-house manufactured Exynos chip are vulnerable. That is, the targets (and attackers) were located in Europe, the Middle East or Africa.
Google did not name the seller. But he said the vulnerabilities appear to be part of a chain of infections. The research team managed to retrieve only one component of the exploit, which means there is still not much information about the final payload.
“The first vulnerability in this chain, arbitrary file reading and writing, was the basis of this chain, used four different times and used at least once at each step,” Google Project Zero security researcher Maddie Stone said in a blog post outlining the threat. “Java components, despite operating at such a privileged level, don’t tend to be the most popular targets for security researchers,” he added.
Also, Google said that this abuse works in a manner similar to what we saw when a nation-state attacker targeted individuals with powerful spyware. This may refer to Hermit, an Android and iOS spyware developed by RCS Lab, an Italian surveillance firm. At that time, Hermit was allegedly targeting people in Italy and Kazakhstan.
Sometimes, a commercial firm can find itself in almost criminal behavior with its surveillance, spyware-like software. One such example is NSO Group Technologies, an Israeli technology firm primarily known for Pegasus. This proprietary spyware is capable of remote smartphone surveillance with zero clicks. Pegasus has brought the NSO Group to the media attention many times, especially in November 2021, when the US Government banned any trade with the company.