Samsung just fixed a bug that existed in all its smartphones ever since 2014, reveals Google researcher | HT Tech

Samsung just fixed a bug that existed in all its smartphones ever since 2014, reveals Google researcher

The bug was said to be related to Skia (the Android graphics library) and how it handled the custom Qmage image format (.qmg), something that the South Korean tech firm started supporting on its devices since 2014.

By: HINDUSTANTIMES.COM | EDITED BY ROBIN SINHA
| Updated on: May 07 2020, 17:52 IST
This was discovered by Mateusz Jurczyk, a security researcher with Google’s Project Zero team.
This was discovered by Mateusz Jurczyk, a security researcher with Google’s Project Zero team. (REUTERS)

Samsung's May 2020 software update reportedly fixed a vulnerability in smartphones that allowed hackers to exploit the device remotely, without user intervention. This vulnerability was found in all Samsung phones that were launched since 2014, as reported by ZDNet. And it was discovered by Mateusz Jurczyk, a security researcher with Google's Project Zero team.

The bug was said to be related to Skia (the Android graphics library) and how it handled the custom Qmage image format (.qmg), something that the South Korean tech firm started supporting on its devices since 2014.

You may be interested in

MobilesTablets Laptops
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Vivo X100 Pro 5G
  • Asteroid Black
  • 16 GB RAM
  • 512 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

As per Jurczyk, the Qmage bug could be exploited without any user interaction. That's because the Android OS redirects all the images sent to the device, to Skia library for processing, whch includes creating thumbnails and more, without bothering the user.

Also read
Looking for a smartphone? To check mobile finder click here.

Also read: Samsung is planning some major upgrades to its Galaxy S21 camera

So, the researcher developed a demo that used the vulnerability along with Samsung Messages app, which is there in all the smartphones. This app not just handles the SMS texts but MMS multimedia as well. Jurczyk was able to exploit the bug by sending MMS repeatedly to a Samsung device. These were sent to locate the Skia library in the Android phone, something that is important to bypass Android's ASLR (Address Space Layout Randomization) protection. Once located, the last MMS delivers the Qmage payload on the device.

The researcher even added that the SMS or MMS sent to the user can be configured to reach the handset without any alerts. "I have found ways to get MMS messages fully processed without triggering a notification sound on Android, so fully stealth attacks might be possible," said Jurczyk.

Also mentioned what that this bug is not related to Samsung Messages app only and can be on any app that supports Qmage.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 07 May, 16:59 IST
NEXT ARTICLE BEGINS