Alarming security flaws found in Samsung pre-installed apps

An analysis of pre-installed apps on Samsung devices has revealed multiple security bugs which could have been exploited by attackers to spy on users and steal their data.

The vulnerabilities were uncovered by mobile security company Oversecured and first reported by Hacker News.

Oversecured spent two weeks looking for gaps in the security of these apps and discovered seven dangerous vulnerabilities.

The bugs could have resulted in significant privacy violations, with hackers able to access sensitive communication on the users’ devices.

“The impact of these bugs could have allowed an attacker to access and edit the victim’s contacts, calls, SMS/MMS, install arbitrary apps with device administrator rights, or read and write arbitrary files on behalf of a system user which could change the device’s settings,” Oversecured said.

The table below shows the apps in which the vulnerabilities were discovered as well as a description of what kind of attack they allowed.

Vulnerabilities in Samsung pre-installed apps
CVE SVE Affected app Description
CVE-2021-25388 SVE-2021-20636 Knox Core Installation of arbitrary apps and device-wide theft of arbitrary files.
CVE-2021-25356 SVE-2021-20733 Managed Provisioning Installing third-party apps and granting them Device Admin permissions.
CVE-2021-25391 SVE-2021-20500 Secure Folder Gaining access to arbitrary content providers.
CVE-2021-25393 SVE-2021-20731 SecSettings Gaining access to arbitrary content providers leads to read/write access to arbitrary files as system user (UID 1000).
CVE-2021-25392 SVE-2021-20690 Samsung DeX System UI Ability to steal notification policy configuration.
CVE-2021-25397 SVE-2021-20716 TelephonyUI (Over-) writing arbitrary files as UID 1001.
CVE-2021-25390 SVE-2021-20724 PhotoTable Intent redirection leads to gaining access to arbitrary content providers.

A detailed explanation of how Oversecured was able to exploit each of the vulnerabilities on a testing device can be found on its website.

Samsung rolls out fixes

Oversecured reported the vulnerabilities to Samsung before revealing them to the public.

Samsung labelled the severity of the vulnerabilities from moderate to high and included fixes for them in its April and May firmware updates.

It also rewarded the company more than $20,500 for disclosing the bugs.

It is recommended that Samsung device owners install the latest firmware updates to prevent falling victim to hackers looking to exploit these bugs.

Now read: Apple will not launch feature to hide online identity in South Africa or China

Latest news

Partner Content

Show comments


Share this article
Alarming security flaws found in Samsung pre-installed apps