• Home
  • About
  • Privacy
  • Contact
  • DCMA
  • Terms
  • Submit / Write For Us
Wednesday, February 1, 2023
Android Buzz
  • News
  • Phones
  • Apps
  • Games
  • Reviews
  • Tech
    Bollywood's Top Iconic Indian Destinations

    Bollywood’s Top Iconic Indian Destinations

    Qualcomm announces Snapdragon AR2, S5 and S3 Gen 2 platforms

    Qualcomm announces Snapdragon AR2, S5 and S3 Gen 2 platforms

    Apple to launch ‘MLS Season Pass’ subscription on February 1 • TechCrunch

    Apple to launch ‘MLS Season Pass’ subscription on February 1 • TechCrunch

    5 Ways to Boost Data Security on the Cloud

    5 Ways to Boost Data Security on the Cloud

    Qualcomm announces Snapdragon 8 Gen 2

    Qualcomm announces Snapdragon 8 Gen 2

    As product-led growth expands, Loops digs into the data to track key metrics • TechCrunch

    As product-led growth expands, Loops digs into the data to track key metrics • TechCrunch

    Data breaches are happening in every organization, no matter the size, says VP encryption, Thales

    Data breaches are happening in every organization, no matter the size, says VP encryption, Thales

    Koo launches a bunch of new features to attract more Indian users as Twitter drama intensifies

    Koo launches a bunch of new features to attract more Indian users as Twitter drama intensifies- Technology News, Firstpost

    Apple Sued for Allegedly Collecting User Data, Violating Its Own Privacy Policies

    Apple Sued for Allegedly Collecting User Data, Violating Its Own Privacy Policies

    • Devices
    • Streaming
    • Security
  • DEV
  • How To
    Bollywood's Top Iconic Indian Destinations

    Bollywood’s Top Iconic Indian Destinations

    Qualcomm announces Snapdragon AR2, S5 and S3 Gen 2 platforms

    Qualcomm announces Snapdragon AR2, S5 and S3 Gen 2 platforms

    Apple to launch ‘MLS Season Pass’ subscription on February 1 • TechCrunch

    Apple to launch ‘MLS Season Pass’ subscription on February 1 • TechCrunch

    5 Ways to Boost Data Security on the Cloud

    5 Ways to Boost Data Security on the Cloud

    Qualcomm announces Snapdragon 8 Gen 2

    Qualcomm announces Snapdragon 8 Gen 2

    As product-led growth expands, Loops digs into the data to track key metrics • TechCrunch

    As product-led growth expands, Loops digs into the data to track key metrics • TechCrunch

    Data breaches are happening in every organization, no matter the size, says VP encryption, Thales

    Data breaches are happening in every organization, no matter the size, says VP encryption, Thales

    Koo launches a bunch of new features to attract more Indian users as Twitter drama intensifies

    Koo launches a bunch of new features to attract more Indian users as Twitter drama intensifies- Technology News, Firstpost

    Apple Sued for Allegedly Collecting User Data, Violating Its Own Privacy Policies

    Apple Sued for Allegedly Collecting User Data, Violating Its Own Privacy Policies

    • Photography
  • Accessories
  • Business
    Bollywood's Top Iconic Indian Destinations

    Bollywood’s Top Iconic Indian Destinations

    Qualcomm announces Snapdragon AR2, S5 and S3 Gen 2 platforms

    Qualcomm announces Snapdragon AR2, S5 and S3 Gen 2 platforms

    Apple to launch ‘MLS Season Pass’ subscription on February 1 • TechCrunch

    Apple to launch ‘MLS Season Pass’ subscription on February 1 • TechCrunch

    5 Ways to Boost Data Security on the Cloud

    5 Ways to Boost Data Security on the Cloud

    Qualcomm announces Snapdragon 8 Gen 2

    Qualcomm announces Snapdragon 8 Gen 2

    As product-led growth expands, Loops digs into the data to track key metrics • TechCrunch

    As product-led growth expands, Loops digs into the data to track key metrics • TechCrunch

    Data breaches are happening in every organization, no matter the size, says VP encryption, Thales

    Data breaches are happening in every organization, no matter the size, says VP encryption, Thales

    Koo launches a bunch of new features to attract more Indian users as Twitter drama intensifies

    Koo launches a bunch of new features to attract more Indian users as Twitter drama intensifies- Technology News, Firstpost

    Apple Sued for Allegedly Collecting User Data, Violating Its Own Privacy Policies

    Apple Sued for Allegedly Collecting User Data, Violating Its Own Privacy Policies

    • Marketing
No Result
View All Result
Android Buzz
  • News
  • Phones
  • Apps
  • Games
  • Reviews
  • Tech
    Bollywood's Top Iconic Indian Destinations

    Bollywood’s Top Iconic Indian Destinations

    Qualcomm announces Snapdragon AR2, S5 and S3 Gen 2 platforms

    Qualcomm announces Snapdragon AR2, S5 and S3 Gen 2 platforms

    Apple to launch ‘MLS Season Pass’ subscription on February 1 • TechCrunch

    Apple to launch ‘MLS Season Pass’ subscription on February 1 • TechCrunch

    5 Ways to Boost Data Security on the Cloud

    5 Ways to Boost Data Security on the Cloud

    Qualcomm announces Snapdragon 8 Gen 2

    Qualcomm announces Snapdragon 8 Gen 2

    As product-led growth expands, Loops digs into the data to track key metrics • TechCrunch

    As product-led growth expands, Loops digs into the data to track key metrics • TechCrunch

    Data breaches are happening in every organization, no matter the size, says VP encryption, Thales

    Data breaches are happening in every organization, no matter the size, says VP encryption, Thales

    Koo launches a bunch of new features to attract more Indian users as Twitter drama intensifies

    Koo launches a bunch of new features to attract more Indian users as Twitter drama intensifies- Technology News, Firstpost

    Apple Sued for Allegedly Collecting User Data, Violating Its Own Privacy Policies

    Apple Sued for Allegedly Collecting User Data, Violating Its Own Privacy Policies

    • Devices
    • Streaming
    • Security
  • DEV
  • How To
    Bollywood's Top Iconic Indian Destinations

    Bollywood’s Top Iconic Indian Destinations

    Qualcomm announces Snapdragon AR2, S5 and S3 Gen 2 platforms

    Qualcomm announces Snapdragon AR2, S5 and S3 Gen 2 platforms

    Apple to launch ‘MLS Season Pass’ subscription on February 1 • TechCrunch

    Apple to launch ‘MLS Season Pass’ subscription on February 1 • TechCrunch

    5 Ways to Boost Data Security on the Cloud

    5 Ways to Boost Data Security on the Cloud

    Qualcomm announces Snapdragon 8 Gen 2

    Qualcomm announces Snapdragon 8 Gen 2

    As product-led growth expands, Loops digs into the data to track key metrics • TechCrunch

    As product-led growth expands, Loops digs into the data to track key metrics • TechCrunch

    Data breaches are happening in every organization, no matter the size, says VP encryption, Thales

    Data breaches are happening in every organization, no matter the size, says VP encryption, Thales

    Koo launches a bunch of new features to attract more Indian users as Twitter drama intensifies

    Koo launches a bunch of new features to attract more Indian users as Twitter drama intensifies- Technology News, Firstpost

    Apple Sued for Allegedly Collecting User Data, Violating Its Own Privacy Policies

    Apple Sued for Allegedly Collecting User Data, Violating Its Own Privacy Policies

    • Photography
  • Accessories
  • Business
    Bollywood's Top Iconic Indian Destinations

    Bollywood’s Top Iconic Indian Destinations

    Qualcomm announces Snapdragon AR2, S5 and S3 Gen 2 platforms

    Qualcomm announces Snapdragon AR2, S5 and S3 Gen 2 platforms

    Apple to launch ‘MLS Season Pass’ subscription on February 1 • TechCrunch

    Apple to launch ‘MLS Season Pass’ subscription on February 1 • TechCrunch

    5 Ways to Boost Data Security on the Cloud

    5 Ways to Boost Data Security on the Cloud

    Qualcomm announces Snapdragon 8 Gen 2

    Qualcomm announces Snapdragon 8 Gen 2

    As product-led growth expands, Loops digs into the data to track key metrics • TechCrunch

    As product-led growth expands, Loops digs into the data to track key metrics • TechCrunch

    Data breaches are happening in every organization, no matter the size, says VP encryption, Thales

    Data breaches are happening in every organization, no matter the size, says VP encryption, Thales

    Koo launches a bunch of new features to attract more Indian users as Twitter drama intensifies

    Koo launches a bunch of new features to attract more Indian users as Twitter drama intensifies- Technology News, Firstpost

    Apple Sued for Allegedly Collecting User Data, Violating Its Own Privacy Policies

    Apple Sued for Allegedly Collecting User Data, Violating Its Own Privacy Policies

    • Marketing
Android Buzz
No Result
View All Result
Home Business

Google says surveillance vendor targeted Samsung phones with zero-days • TechCrunch

by Staff Writer
in Business
Google says surveillance vendor targeted Samsung phones with zero-days • TechCrunch
61
SHARES
558
VIEWS
Share on FacebookShare on Twitter

Google says it has evidence that a commercial surveillance vendor was exploiting three zero-day security vulnerabilities found in newer Samsung smartphones.

The vulnerabilities, discovered in Samsung’s custom-built software, were used together as part of an exploit chain to target Samsung phones running Android. The chained vulnerabilities allow an attacker to gain kernel read and write privileges as the root user, and ultimately expose a device’s data.

Google Project Zero security researcher Maddie Stone said in a blog post that the exploit chain targets Samsung phones with a Exynos chip running a specific kernel version. Samsung phones are sold with Exynos chips primarily across Europe, the Middle East, and Africa, which is likely where the targets of the surveillance are located.

Stone said Samsung phones running the affected kernel at the time include the S10, A50, and A51.

The flaws, since patched, were exploited by a malicious Android app, which the user may have been tricked into installing from outside of the app store. The malicious app allows the attacker to escape the app sandbox designed to contain its activity, and access the rest of the device’s operating system. Only a component of the exploit app was obtained, Stone said, so it isn’t known what the final payload was, even if the three vulnerabilities paved the way for its eventual delivery.

“The first vulnerability in this chain, the arbitrary file read and write, was the foundation of this chain, used four different times and used at least once in each step,” wrote Stone. “The Java components in Android devices don’t tend to be the most popular targets for security researchers despite it running at such a privileged level,” said Stone.

Google declined to name the commercial surveillance vendor, but said the exploitation follows a pattern similar to recent device infections where malicious Android apps were abused to deliver powerful nation-state spyware.

Earlier this year security researchers discovered Hermit, an Android and iOS spyware developed by RCS Lab and used in targeted attacks by governments, with known victims in Italy and Kazakhstan. Hermit relies on tricking a target into downloading and installing the malicious app, such as a disguised cell carrier assistance app, from outside of the app store, but then silently steals a victim’s contacts, audio recordings, photos, videos, and granular location data. Google began notifying Android users whose devices have been compromised by Hermit. Surveillance vendor Connexxa also used malicious sideloaded apps to target both Android and iPhone owners.

Google reported the three vulnerabilities to Samsung in late 2020, and Samsung rolled out patches to affected phones in March 2021, but did not disclose at the time that the vulnerabilities were being actively exploited. Stone said that Samsung has since committed to begin disclosing when vulnerabilities are actively exploited, following Apple and Google, which also disclose in their security updates when vulnerabilities are under attack.

“The analysis of this exploit chain has provided us with new and important insights into how attackers are targeting Android devices,” Stone added, intimating that further research could unearth new vulnerabilities in custom software built by Android device makers, like Samsung.

“It highlights a need for more research into manufacturer specific components. It shows where we ought to do further variant analysis,” said Stone.

Source by techcrunch.com

Share24Tweet15SendPin5

Related Posts

How Can Data Mining & AI Transform Business
Business

How Can Data Mining & AI Transform Business?

December 6, 2022
Ideas For Small Business Digital Marketing
Business

Ideas For Small Business Digital Marketing

December 5, 2022
Ripple, Bitcoin, and Ethereum coins with Hong Kong and Singapore flags
Business

Hong Kong and Singapore can make Asia into crypto central

November 17, 2022
Elon Musk fires Twitter employees overnight for criticising his plans on internal channels
Business

Elon Musk fires Twitter employees overnight for criticising his plans on internal channels- Technology News, Firstpost

November 17, 2022
Don’t Buy a Wi-Fi Extender: Buy This Instead
Business

Don’t Buy a Wi-Fi Extender: Buy This Instead

November 16, 2022
Twitter
Business

Twitter document warned Musk of Blue problems ahead of launch

November 16, 2022

Recommended

Xata gives Jamstack developers access to a serverless data platform with an API call • TechCrunch

Xata gives Jamstack developers access to a serverless data platform with an API call • TechCrunch

November 2, 2022
iOS 16.2 beta 2 now available, here are the top features

iOS 16.2 beta 2 now available, here are the top features

November 8, 2022
The Download: how Twitter is breaking, and YouTube’s TV experiment

The Download: how Twitter is breaking, and YouTube’s TV experiment

November 8, 2022
The RTX 4080 could launch with up to 40% less stock than the RTX 4090

The RTX 4080 could launch with up to 40% less stock than the RTX 4090

November 7, 2022
Elon guts Twitter, Google shutters Hangouts, and the tech layoffs continue • TechCrunch

Elon guts Twitter, Google shutters Hangouts, and the tech layoffs continue • TechCrunch

November 6, 2022
iPhone hackers can expose WhatsApp and Signal users' location

iPhone hackers can expose WhatsApp and Signal users’ location

October 21, 2022
  • Home
  • About
  • Privacy
  • Contact
  • DCMA
  • Terms
  • Submit / Write For Us
© 2021 androidbuzz.net
No Result
View All Result
  • News
  • Phones
  • Apps
  • Games
  • Reviews
  • Tech
    • Devices
    • Streaming
    • Security
  • DEV
  • How To
    • Photography
  • Accessories
  • Business
    • Marketing