Jakarta, CNN Indonesia —
A security researcher has reportedly found security gaps serious on some original applications that come with mobile phones (hp) Samsung.
If this vulnerability is exploited by hackers, then this vulnerability can be used to spy on users. These vulnerabilities are just some of the many security flaws reported to Samsung.
Oversecured founder Sergey Toshin has discovered more than a dozen vulnerabilities in Samsung apps. For example, a vulnerability in the Samsung DeX interface could be used by hackers to steal data from user notifications, while other vulnerabilities could steal user SMS.
“The impact of this bug allows hackers to access and edit the victim’s contacts, calls, SMS/MMS, install applications … so that they can change device settings,” explained Toshin as reported Hacker News.
However, Samsung said the vulnerability had not had a significant impact on users.
“So far there have been no reports of (hacking) globally and it is confirmed that sensitive user data is not threatened,” Samsung said in a statement SamMobile.
Many of these security holes have been patched by Samsung through various security updates in April and May 2021. However, according to Toshin, some have not received patches so they are still vulnerable to hacking.
He pointed out that the vulnerability could lead to a violation of the GDPR or European Union (EU) legal regulations governing the protection of personal data within and outside the EU. Here’s a list of 7 vulnerabilities discovered in February 2021.
* CVE-2021-25356 – Third-party authentication bypass in Managed Provisioning
* CVE-2021-25388 – Arbitrary app installation vulnerability in Knox Core
* CVE-2021-25390 – Intent redirection in PhotoTable
* CVE-2021-25391 – Intent redirection in Secure Folder
* CVE-2021-25392 – Possible to access notification policy file of DeX
* CVE-2021-25393 – Possible to read/write access to arbitrary files as a system user (affects the Settings app)
* CVE-2021-25397 – Arbitrary file write in TelephonyUI
Samsung recommends to prevent hacking, users should make sure their device firmware is up to date.
(can/eks)
– .
:quality(80)/cdn-kiosk-api.telegraaf.nl/b48fab66-ccfe-11eb-a5ca-0218eaf05005.jpg?resize=150%2C150&ssl=1 "‘Furious Queen breaks silence in battle for name Lilibet’ | entertainment")