A security expert has found serious security flaws in some native Samsung apps that could allow hackers to spy on users. These vulnerabilities are part of a large set of vulnerabilities that have been responsibly reported to Samsung.
Oversecured security company founder Sergej Toshin found more than a dozen exploits in Samsung apps. Many of them have already been fixed by the South Korean tech giant through its monthly security updates. According to Tošin, these vulnerabilities could have led to a violation of the GDPR regulation, which means that if there had been a large-scale leak of user data as a result of them, the EU could have demanded significant damages from Samsung.
E.g. a vulnerability in the Samsung DeX system interface could allow hackers to steal data from user notifications. This could include chat descriptions for the Telegram and WhatsApp communication platforms or informace from notifications for applications such as Samsung Email, Gmail or Google Doc. Hackers could even create a backup on an SD card.
Due to the high risk they still pose to users, Tošin did not elaborate on some of the vulnerabilities informace. The least serious of these can allow hackers to steal SMS messages from a compromised device. The other two are even more dangerous, as an attacker could use them to read and write random files with elevated privileges.
“Globally, there have been no reported issues and we can assure users that their sensitive informace were not threatened. We addressed the potential vulnerabilities by developing and releasing security patches through the April and May updates as soon as we identified the issue," Samsung said in a statement.
You could be interested in
