Samsung has fixed two security flaws in the Galaxy Store, the official app store for the brand’s cell phones. The loopholes, discovered in December, allowed an attacker with local access to the device to install software on the device without user authorization, which could lead to contamination with malware and redirection to fraudulent pages on the internet.
- 6 apps to check what’s wrong with your phone
- New Android virus lets criminals use your phone remotely
In the sum of the two loopholes, a situation was generated in which arbitrary installation orders could be given to cell phones — in the proof of concept, researchers from the NCC Group used the vulnerability to install the Pokémon GO game. It, in itself, poses no risk, but the same could not be said for malicious uses involving dangerous software available in the Galaxy Store.
A second loophole was in the browser built into the marketplace. It even has a filter to limit the domains displayed to the user, but this protection can be easily bypassed to show malicious content, just by the presence of a specific Samsung tag in a domain. From then on, fake pages opened in Chrome or sent by message, for example, are executed in the internal browser and lead to new scams or installation of malware.
Experts point out that local access to a smartphone is not the most desirable thing in a massive malware campaign, but the same cannot be said for targeted scams against executives, politicians and other personalities. Privacy breaches, data theft and misuse of cell phone processing power are among the main results of attacks of this type.
According to the NCC Group, devices running the Android 13 operating system were not susceptible to the first vulnerability, which renders the entire exploit chain useless. However, at the other end, older devices running older versions of the Galaxy Store may not even receive the updates released in early January by Samsung, remaining at risk.
There is no security advice here, other than installing updates for the official marketplace if they are available. Attention to installed apps or erratic device behavior, such as higher-than-normal network and battery consumption, can also be indicators of compromise through the exploit chain revealed now.
Source: NCC Group