Hackers are on to their next target: Samsung. By tampering with Samsung's pre-installed apps, hackers can now spy on users.
Hackers can watch users and even take complete control of the entire system. More alarming, the bugs appear to belong to a much larger set of exploitable flaws. One of Samsung's security researchers reported the incident to the tech giant's bug bounty program.
Samsung is a South Korean tech giant, but that did not stop hackers from tampering with its system. The company is now working to fix the many vulnerabilities that continue to affect its smartphones.
Hackers on Three Critical Samsung Issues
Bleeping Computer recently reported that since the start of 2021, Sergey Toshin, the founder of the company Oversecured, has discovered over twelve vulnerabilities currently affecting all of Samsung's devices.
Because of the security risk that these bugs pose to Samsung users, the company has released only limited details about the incident. As of now, only three issues have been raised.
According to the online media outlet, Toshin said the least threatening of these issues would let hackers steal users' messages if they successfully trick the victim.
The other two issues are more complicated and more severe because of how stealthy they are.
Exploiting these bugs requires no action from Samsung users: attackers could use them to read and write arbitrary files to access the devices.
Samsung has not yet confirmed when the bugs will be fixed, mainly because the entire process could take up to two months. The company still has to run numerous patch tests to ensure that the fixes do not cause further problems.
Toshin added that he reported all three security threats and is now waiting to receive the bounties.
Hacker Collected Almost $30,000
One hacker has received almost $30,000 since the beginning of 2021 for disclosing a total of 14 issues in Samsung devices' systems.
The hacker found the bugs in the pre-installed applications on Samsung smartphones using the Oversecured scanner, which he built to help find bugs.
He informed Samsung about the flaws in February and even posted a video showing how a third-party app could give him admin rights to any Samsung device. However, it had a massive side effect -- all of the applications on the Samsung device were deleted during the attempt to get elevated privileges.
The bug was patched in April, but it still had a significant impact on the Managed Provisioning app, and it is now tracked as CVE-2021-25356.
As a reward, the hacker got $7,000 for reporting the bugs.
Bleeping Computer mentioned that Toshin also received $5,460 for letting Samsung know about another issue in its Settings app. It gave hackers access to arbitrary files as the system user. It is tracked as CVE-2021-25393.
Lastly, he got another $4,850 for a bug from February's batch that allowed creating arbitrary files while acting as the Telephony user, which can access SMS and call details.
This article is owned by Tech Times
Written by Fran Sanders