Three Samsung smartphones (opens in new tab) Models have been found with vulnerabilities that have allegedly been exploited by a commercial surveillance vendor to spy on people and likely steal their sensitive data.
Researchers from the Google Project Zero security team said the Samsung S10, A50 and A51 models were affected and only devices powered by Samsung’s homemade Exynos chip were vulnerable, meaning the targets (as well as the attackers ) were in Europe, the Middle East or Africa.
Google didn’t name the vendor, but it did say the vulnerabilities appear to be part of an infection chain. The research team only managed to get their hands on a piece of the exploit app, meaning it’s still in the dark about the final payload.
Nation State Spyware
“The first vulnerability in this chain, the random file read and write, was the foundation of this chain, which was used four different times and at least once in each step,” wrote Maddie Stone, security researcher at Google Project Zero, in a blog post. . (opens in new tab) outlines the threat.
“The Java components in Android devices are usually not the most popular targets for security researchers, despite running at such a privileged level,” she added.
Google also said the exploit works in a manner similar to one we’ve seen before when a nation-state attacker targeted individuals with powerful spyware.
This could refer to Hermit, an Android and iOS spyware developed by RCS Lab, an Italian surveillance company. At the time, Hermit would target people in Italy and Kazakhstan.
Every now and then a commercial company becomes borderline criminal with its surveillance, spyware-like software. An example of this is NSO Group Technologies, an Israeli technology company best known for Pegasus, its own spyware capable of remote smartphone surveillance. Pegasus has brought NSO Group to media attention on more than one occasion, most notably in November 2021, when the US government banned all trade with the company.
Via: TechCrunch (opens in new tab)