VULNERABILITIES IN SAMSUNG SMARTPHONES ALLOW FOR FULL CONTROL OF THE DEVICE

Vulnerabilities allow access to data in TrustZone and execute arbitrary code.

Specialists of the Russian company Digital Security have discovered vulnerabilities in Samsung smartphones that allow them to gain complete control over the device. The problem affects devices with Qualcomm MSM8896 processors (Snapdragon 820), MSM8898 (Snapdragon 835), as well as Exynos 7420, 7870, 8890 and 8895. These are mainly current and flagship models from different years - Galaxy Note 5 and S6, Galaxy S8 and Note 8 , S7 and Note 7, S8 and Note 8, as well as J6, J7, A2 Core, J5, M10, A6 and A3.

The first of the two problems found is information disclosure vulnerability. With its help, an attacker can gain access to the contents of TrustZone, a hardware-isolated environment completely separate from the device’s operating system.

Samsung released patches for both vulnerabilities in May 2019.