Industry News

Zero-Day Exploit Found on Samsung Galaxy S3

A team of Android security experts successfully hacked a Samsung Galaxy S3 by revealing two Android exploits at the Mobile Pwn2Own competition at EUSecWest in Amsterdam. A memory corruption exploit was triggered via Near Field Communication, enabling researchers to upload malicious code and access secure data.

The second exploit found involved privilege escalation by enabling an app to execute malicious code outside its sandboxed system. By combining the two breaches the team gained full control over the Samsung Galaxy S3 smartphone and retrieved all data.

Although the exploit is not NFC related, Android OS was found vulnerable by using the NFC technology. Raising serious issues over how securely NFC and Android handle intents and permissions, MWR Labs explained that details of the exploits will be revealed once they’re patched.

“Through NFC it was possible to upload a malicious file to the device, which allowed us to gain code execution on the device and subsequently get full control over the device using a second vulnerability for privilege escalation,” said the team. “The same vulnerability could also be exploited through other attack vectors, such as malicious websites or e-mail attachments.”

By using their custom framework and the previously mentioned exploits, MWR Labs was also able to initiate calls to premium rated numbers. Emphasizing that Android 4.0.4 features many of the exploit problems encountered on desktop Linux distributions, the team says other protection methods are missing from the Android build.

About the author

Liviu ARSENE

Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.

1 Comment

Click here to post a comment