Google security researchers have discovered a high-risk security vulnerability that affects every Samsung Galaxy smartphone sold since 2014.
Security issues are not uncommon on Android phones, but this one stands out: Google's Project Zero security research team recently discovered a critical vulnerability that affects every Samsung Galaxy smartphone sold since 2014.
The vulnerability is especially dangerous because an attacker can exploit it with zero interaction from the victim.
Google’s Project Zero
Google has a dedicated team for this kind of work. Project Zero is a team of security researchers tasked with finding vulnerabilities across a wide range of platforms and reporting them to the vendors responsible for fixing them, under a disclosure deadline.
It’s also the very same team that discovered a major security issue within Samsung Galaxy smartphones.
Zero-click perfect 10 vulnerability
Mateusz Jurczyk of Project Zero found the bug. Samsung's build of Skia, the Android graphics library, includes a decoder for Samsung's proprietary Qmage (.qmg) image format, and the researcher found that the decoder mishandles crafted Qmage images sent to the device.
The vulnerability received a perfect 10.0 on the Common Vulnerability Scoring System (CVSS), the highest severity the scale allows.
Most troubling, the flaw has existed since 2014, around the time Samsung first added .qmg support to its Galaxy lineup.
Because incoming images are decoded automatically, attackers can exploit the Qmage bug without any interaction from the victim, a so-called zero-click attack, and use it to run their own code on the phone.
How the Qmage bug can be exploited
Jurczyk demonstrated a working exploit. Because every image received by the Messages app is handed to Skia for decoding, triggering the bug is the easy part; the attacker's real obstacle is knowing where in memory the graphics library has been loaded, since the payload needs that address.
Android randomizes that location with Address Space Layout Randomization (ASLR), so the attacker has to guess. Each MMS carries a Qmage image crafted to test one guessed address: a wrong guess crashes the Messages app, a right guess does not, and the attacker can tell the two cases apart remotely (Jurczyk used MMS delivery reports as that signal). Android apps are forked from the zygote process, so the library's base address stays the same across those crashes until the phone reboots, which is what lets the guesses accumulate into a bypass.
In the demonstration, defeating ASLR this way took roughly 50 to 300 messages and about 100 minutes.
Once the address is known, a final MMS carries the attacker's code, which then executes on the victim's device.
Worse, the attacker can make the probing messages silent, so the victim sees and hears nothing while the attack runs.
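The idea behind the repeated MMS probes is easier to see in code. The following is an added toy model, not Jurczyk's exploit or any Samsung code: the library size, randomization window, and the two-phase search are hypothetical choices made for illustration, and a single method call stands in for one MMS whose only effect is to reveal "crashed" or "did not crash". The model also reproduces the zygote property that makes the attack possible, namely that the secret base address does not change when the probed process crashes and restarts.

```python
"""Toy model of a crash-oracle ASLR bypass (added illustration, not the real exploit).

Assumptions (all hypothetical, chosen for illustration only):
  * the target library is a 2 MiB mapping whose page-aligned base is chosen
    once per boot somewhere inside a 1 GiB randomisation window;
  * one probe stands for one MMS: it reports whether the guessed address fell
    inside the mapping (process survived) or outside it (process crashed);
  * like Android's zygote-forked apps, the base does not change when the
    probed process crashes and is restarted.
"""
import math
import random

PAGE = 0x1000
LIB_SIZE = 0x200000               # assumed size of the library mapping
WINDOW_LOW = 0x7000_0000_0000     # assumed randomisation window [LOW, HIGH)
WINDOW_HIGH = 0x7000_4000_0000


class ZygoteOracle:
    """Victim side: a fixed secret base plus one crash/no-crash answer per probe."""

    def __init__(self, seed):
        rng = random.Random(seed)
        slots = (WINDOW_HIGH - WINDOW_LOW - LIB_SIZE) // PAGE
        self.base = WINDOW_LOW + rng.randrange(slots) * PAGE  # secret, fixed per "boot"
        self.probes = 0                                     # number of "MMS" sent

    def probe(self, addr):
        """True if addr is inside the mapping (survives), False if it would crash."""
        self.probes += 1
        return self.base <= addr < self.base + LIB_SIZE


def locate_library(oracle):
    """Attacker side: recover the base using only crash/no-crash answers."""
    # Phase 1: walk the window in LIB_SIZE strides. Any mapping of that size
    # contains exactly one stride point, so at most window/LIB_SIZE probes
    # are needed to find one address that does not crash.
    hit = None
    for addr in range(WINDOW_LOW, WINDOW_HIGH, LIB_SIZE):
        if oracle.probe(addr):
            hit = addr
            break
    if hit is None:
        return None

    # Phase 2: the base lies in (hit - LIB_SIZE, hit]. Binary-search the first
    # mapped page. Invariant: hi is mapped and base is in [lo, hi].
    lo = hit - LIB_SIZE + PAGE
    hi = hit
    while lo < hi:
        mid = lo + ((hi - lo) // PAGE // 2) * PAGE
        if oracle.probe(mid):
            hi = mid
        else:
            lo = mid + PAGE
    return lo


def max_probes():
    """Worst-case number of probes for the parameters above (512 + 9 = 521)."""
    phase1 = (WINDOW_HIGH - WINDOW_LOW) // LIB_SIZE
    phase2 = math.ceil(math.log2(LIB_SIZE // PAGE))
    return phase1 + phase2


if __name__ == "__main__":
    for seed in range(3):
        victim = ZygoteOracle(seed)
        found = locate_library(victim)
        print(f"seed {seed}: base {victim.base:#x} recovered {found:#x} "
              f"after {victim.probes} probes (worst case {max_probes()})")
```

With these made-up parameters the search finishes in at most 521 probes, and typically a few hundred, which is the same order of magnitude as the 50 to 300 messages reported above. The lesson for defenders is the one the demonstration makes: ASLR only holds up when a wrong guess costs the attacker something, and a process that crashes silently and comes back with the same layout gives that protection away one message at a time.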
Resolved on the Samsung Galaxy
Project Zero reported the vulnerability to Samsung in February. Samsung addressed it in its May 2020 security patch, and the bug is tracked as CVE-2020-8899.
That patch fixes the Qmage vulnerability on Galaxy phones going back to 2014, but only on devices that still receive security updates and have actually installed it. Phones that have fallen out of support remain exposed; on those, turning off automatic MMS retrieval in the messaging app closes the zero-click path, because received images are then no longer decoded without the user's say-so.
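Whether a given phone has the fix can be checked from its Android security patch level. The script below is an added example, not part of the article or any Samsung tooling; it assumes that Samsung's May 2020 update corresponds to the Android patch-level string 2020-05-01 (the real device property is ro.build.version.security_patch, read here over adb), and the sample levels it prints verdicts for are constructed, not read from a device.

```python
"""Added example: compare an Android security patch level against the level
assumed to carry the Qmage fix. Assumption: 2020-05-01 is the patch level of
Samsung's May 2020 update."""
import datetime
import subprocess
import sys

FIXED_LEVEL = datetime.date(2020, 5, 1)  # assumed first patch level with the fix


def parse_patch_level(text):
    """ro.build.version.security_patch is 'YYYY-MM-DD'; None if it cannot be parsed."""
    try:
        return datetime.date.fromisoformat(text.strip())
    except ValueError:
        return None


def qmage_fixed(level_text, fixed=FIXED_LEVEL):
    """True if the level is at or after the fix, False if older, None if unreadable."""
    level = parse_patch_level(level_text)
    if level is None:
        return None
    return level >= fixed


def device_patch_level():
    """Live query over adb; needs an attached, authorized device."""
    result = subprocess.run(
        ["adb", "shell", "getprop", "ro.build.version.security_patch"],
        capture_output=True, text=True, check=True,
    )
    return result.stdout.strip()


def verdict(level_text):
    """Human-readable verdict for one patch level string."""
    status = qmage_fixed(level_text)
    if status is None:
        return f"{level_text!r}: unreadable patch level, check the device manually"
    if status:
        return f"{level_text}: Qmage fix present"
    return f"{level_text}: VULNERABLE, needs {FIXED_LEVEL.isoformat()} or later"


if __name__ == "__main__":
    if "--device" in sys.argv:
        levels = [device_patch_level()]
    else:
        # Constructed sample levels, not read from a real device.
        levels = ["2020-04-01", "2020-05-01", "2020-06-01", "unknown"]
    for level in levels:
        print(verdict(level))
```

Run it with --device to query an attached phone; without arguments it runs over the constructed samples. A patch level that fails to parse is reported as unknown rather than as safe, which is the conservative choice for a check like this.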