Security bugs found in the pre-installed apps on Samsung devices. Sergey Toshin, founder of mobile security startup ‘Oversecured’ discovered and reported multiple dangerous vulnerabilities.
The critical vulnerabilities allowed an attacker to access and edit the victim’s contacts, calls, and SMS/MMS messages, install arbitrary apps with device administrator rights, or read and write arbitrary files on behalf of the system user, which could alter the device’s settings.
Toshin reported the flaws to Samsung in February 2021, following which patches were issued by the manufacturer as part of its monthly security updates for April and May. The list of the seven vulnerabilities is as follows:
Vulnerability in Knox Core (CVE-2021-25388)
This vulnerability could be exploited to install arbitrary third-party apps, grant them device admin privileges to delete other installed applications or steal sensitive files, read or write arbitrary files as the system user, and even execute privileged actions.
Vulnerability in Managed Provisioning (CVE-2021-25356)
In the proof of concept, Managed Provisioning was forced to download a malicious app from an attacker-specified link. Once installed, the malicious app was made a device administrator with an arbitrary set of rights.
A process was initiated which would remove all the other apps installed on the same device.
Vulnerability in Secure Folder (CVE-2021-25391)
Secure Folder holds a large set of rights that an attacker could intercept by exploiting a vulnerability that gave access to arbitrary content providers.
Once the attacker receives back the intent they themselves sent, they are able to intercept those rights.
Vulnerability in SecSettings (CVE-2021-25393)
The vulnerability, which allows reading and writing arbitrary files as UID 1000 (system), combines two components: gaining access to arbitrary content providers and exploiting an insecure FileProvider in the app.
Vulnerability in Samsung DeX System UI (CVE-2021-25392)
This vulnerability allowed an attacker to steal data from user notifications, which would typically include chat descriptions for Telegram, Google Docs folders, Samsung Email and Gmail inboxes, and information from notifications of other apps.
Vulnerability in TelephonyUI (CVE-2021-25397)
The analysis found that the file holding SMS/MMS messages could be overwritten with attacker-controlled content.
Vulnerability in PhotoTable (CVE-2021-25390)
The result was an intent redirection that allowed access to content providers to be intercepted.
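Several of the items above (Secure Folder, SecSettings, PhotoTable) come down to the same Android pattern: a privileged app receives an Intent from an untrusted caller and either starts it under its own identity or hands it back as a result, so the URI permission grants carried in that Intent are issued with the privileged app’s access to content providers. The following is an added illustration, not code from Samsung or Oversecured: a hypothetical `ForwardingActivity` with a constructed extra key `next_intent`, showing the leaky pattern alongside a hardened version that strips grant flags, refuses redirection into its own package, and returns a fresh Intent.

```java
// Added example (not Samsung's or Oversecured's code). Package, class and
// the extra key "next_intent" are hypothetical.
package com.example.intentforward;

import android.app.Activity;
import android.content.ComponentName;
import android.content.Intent;
import android.os.Bundle;

public class ForwardingActivity extends Activity {

    // Hypothetical extra name under which a caller embeds an Intent.
    static final String EXTRA_NEXT = "next_intent";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Intent next = getIntent().getParcelableExtra(EXTRA_NEXT);
        if (next == null) {
            finish();
            return;
        }
        handleForwardHardened(next);
    }

    // LEAKY pattern, kept only for contrast and never called:
    // - startActivity(next) runs an untrusted Intent with this app's identity,
    //   so a caller can reach this app's non-exported components
    //   (intent redirection);
    // - setResult(..., next) echoes the caller's own Intent back; any
    //   FLAG_GRANT_*_URI_PERMISSION flags on it cause the system to grant the
    //   caller access to content:// URIs that only this app could read.
    void handleForwardLeaky(Intent next) {
        startActivity(next);
        setResult(RESULT_OK, next);
        finish();
    }

    // Hardened version of the same flow.
    void handleForwardHardened(Intent next) {
        // 1. Drop URI permission grants: they would be issued on behalf of
        //    this (privileged) app, not the caller.
        next.removeFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION
                | Intent.FLAG_GRANT_WRITE_URI_PERMISSION
                | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
                | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION);

        // 2. Resolve the target and refuse to redirect into our own package,
        //    which is how non-exported components get reached.
        ComponentName target = next.resolveActivity(getPackageManager());
        if (target == null || getPackageName().equals(target.getPackageName())) {
            setResult(RESULT_CANCELED);
            finish();
            return;
        }

        // 3. Never echo the caller's Intent back as the result; build a
        //    minimal one containing only what the caller legitimately needs.
        Intent result = new Intent();
        result.putExtra("forwarded", true);

        startActivity(next);
        setResult(RESULT_OK, result);
        finish();
    }
}
```

The same reasoning applies to the FileProvider component named under SecSettings: a FileProvider whose `<paths>` exposes broad directories, combined with an Activity that passes grant flags through, lets the caller obtain read or write access to files only the system-UID app could touch. Restricting the exported paths and stripping the flags as above closes both halves.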
How to Detect these Vulnerabilities?
Oversecured’s mobile app scanner lets users detect such bugs early and notifies them about all the attack vectors mentioned in this report.
For a developer or an app owner, you can integrate Oversecured into your CI/CD to proactively secure your apps against these vulnerabilities. This will continuously monitor your apps and alert you if any new vulnerabilities are detected.