Security flaws found in Samsung’s stock mobile apps – TechCrunch

A mobile security startup has found seven security flaws in Samsung’s pre-installed mobile apps, which it says could have given attackers broad access to a victim’s personal data.

Oversecured said the vulnerabilities were found in multiple apps and components that ship with Samsung phones and tablets. Oversecured founder Sergey Toshin told TechCrunch that the vulnerabilities have been verified on a Samsung Galaxy S10+, but all Samsung devices could potentially be affected because built-in apps are responsible for system functionality.

Toshin said the vulnerabilities could have allowed a malicious app on the same device to steal a victim’s photos, videos, contacts, call records and messages, and change settings “without consent or notice of the user” by hijacking the permissions of Samsung’s stock apps.

One of the flaws could have allowed data theft by exploiting a vulnerability in Samsung’s Secure Folder app, which has a “broad set” of rights on the device. In a proof of concept, Toshin showed that the bug could be used to steal contact data. Another bug in Samsung’s Knox security software could have been used to install other malicious apps, while a bug in Samsung DeX could have been used to grab data from a user’s app notifications, inboxes, and emails.

Oversecured published the technical details of the vulnerabilities in a blog post and said it reported the bugs to Samsung, which fixed the flaws.

Samsung confirmed that the flaws affected “selected” Galaxy devices but would not provide a list of specific devices. “There have been no known issues reported globally and users should be assured that their sensitive information is not at risk,” the company said, but offered no evidence to support the claim. “We addressed the potential vulnerability by developing and releasing security fixes via software update in April and May 2021 as soon as we identified this issue.”

The startup, which launched earlier this year and is self-funded with $1 million earned from bug bounty payouts, uses automation to find vulnerabilities in Android code. Toshin has previously found similar security flaws in TikTok and Android’s Google Play app.

Casey J. Nelson