
Smartphones are central to the lives of many of us. Through them we communicate with loved ones, plan our days and organize our lives. That's why their security matters so much. The problem arises when an exploit appears that gives a user complete system access on basically any Samsung phone.

Users who like to customize their smartphones can benefit from such exploits. Deeper access to the system allows them, for example, to boot a GSI (Generic System Image) or change the device's regional CSC code. But because it grants the user system privileges, the same exploit can also be used in a dangerous way: it bypasses all permission checks, has access to all application components, can send protected broadcasts, can run background activities, and much more.

The problem arose in the TTS application

In 2019, it was disclosed that a vulnerability labeled CVE-2019-16253 affects the text-to-speech (TTS) engine used by Samsung in versions earlier than 3.0.02.7. The vulnerability allowed attackers to escalate to system privileges and was later patched.

The TTS application basically accepted blindly whatever data it received from the TTS engine. The user could pass a library to the TTS engine, which forwarded it to the TTS application; the application would then load the library and run it with system privileges. The bug was later fixed so that the TTS application validates data coming from the TTS engine.

However, in Android 10 Google introduced the option to roll back applications by installing them with the ENABLE_ROLLBACK parameter. This allows the user to revert an application installed on the device to its previous version. The capability also extends to Samsung's text-to-speech app on any Galaxy device, even though the legacy TTS app that users can roll back to was never installed on newer phones in the first place.
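A defender-side check for the condition described above, as an added example that is not part of the article or of K0mraid3's work: it reads `dumpsys package` output for the TTS app and flags an installed versionName below the first patched release, 3.0.02.7. The package name com.samsung.SMT and the dumpsys line format are assumptions, and the sample output is constructed.

```python
import re
from typing import Optional

# Constructed sample in the style of `adb shell dumpsys package com.samsung.SMT`.
# com.samsung.SMT is assumed to be the Samsung TTS package name.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.samsung.SMT] (1a2b3c):
    userId=10042
    versionCode=300020006 minSdk=28 targetSdk=31
    versionName=3.0.02.6
    flags=[ SYSTEM HAS_CODE ALLOW_CLEAR_USER_DATA ]
"""

PATCHED_VERSION = "3.0.02.7"  # first version not affected by CVE-2019-16253


def version_tuple(version: str) -> tuple:
    """Turn '3.0.02.7' into (3, 0, 2, 7) so versions compare numerically."""
    parts = []
    for segment in version.strip().split("."):
        m = re.match(r"\d+", segment)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def is_older(version: str, reference: str) -> bool:
    """Compare dotted versions; shorter tuples are padded with zeros."""
    a, b = version_tuple(version), version_tuple(reference)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def find_version_name(dumpsys_text: str) -> Optional[str]:
    m = re.search(r"^\s*versionName=(\S+)", dumpsys_text, re.MULTILINE)
    return m.group(1) if m else None


def tts_rolled_back(dumpsys_text: str, patched: str = PATCHED_VERSION) -> bool:
    """True when the installed TTS app is older than the patched release."""
    installed = find_version_name(dumpsys_text)
    if installed is None:
        return False  # package absent: nothing to roll back
    return is_older(installed, patched)


if __name__ == "__main__":
    state = "rolled back (vulnerable)" if tts_rolled_back(SAMPLE_DUMPSYS) else "ok"
    print(f"Samsung TTS {find_version_name(SAMPLE_DUMPSYS)}: {state}")
```

On a real device, feed the function the output of `adb shell dumpsys package com.samsung.SMT` instead of the constructed sample.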

Samsung has known about the problem for three months

In other words, even though the 2019 vulnerability has been patched and an updated version of the TTS app has been distributed, it is easy for users to install and use the old version on devices released several years later. As the XDA Developers website reports, Samsung was informed of this last October, and in January one of its developer community members, going by the name K0mraid3, reached out to the company again to find out what had happened. Samsung replied that it was a problem with AOSP (Android Open Source Project, the foundation of the Android ecosystem) and to contact Google. He noted that the issue has been confirmed on a Pixel phone.

So K0mraid3 went to report the problem to Google, only to find that both Samsung and someone else had already done so. It's currently unclear how Google will go about solving the problem, if indeed AOSP is involved.

K0mraid3 states on the XDA forum that the best way for users to protect themselves is to install and use this exploit themselves. Once they do, no one else will be able to load a second library into the TTS engine. Another option is to turn off or remove Samsung TTS.

It is unclear at this time whether the exploit affects devices released this year. K0mraid3 added that some JDM (Joint Development Manufacturing) outsourced devices, such as the Samsung Galaxy A03, may only require a properly signed TTS application from an older JDM device.
