Mobile app security outfit Oversecured reported no fewer than seven vulnerabilities in Samsung’s own apps and services. Ironically, some of these were found in the Knox secure framework, while others affected the DeX desktop framework and even the Phone app UI. The vulnerabilities enabled hackers to steal SMS messages, install arbitrary apps, or gain access to files as the system user.
To be fair, there was a time when Google and Android, at least AOSP, didn’t provide decent apps and OEMs had to fend for themselves. Samsung provided its own SMS, Phonebook, Calendar, and even Calculator apps, in addition to services like Knox security and Secure Folder, to provide functionality that Android didn’t have. These days, Samsung still pre-installs some of these apps even as it also preloads Google’s equivalents, and some have actually become security liabilities.
There were other vulnerabilities that Oversecured hasn’t revealed publicly yet due to the severity of their risk. It did responsibly disclose them to Samsung, which patched those flaws and rolled the fixes out in updates for April and May this year. Samsung says it is not aware of any reports of these flaws being exploited.
It isn’t rare for apps and software to have security holes, of course, but the closer they are to the core of the operating system, the bigger the risk they carry. Nothing gets closer to the system than Samsung’s own system apps, and this report should make Samsung more aware of the responsibility it carries with these pre-installed apps and services that users can’t easily uninstall or block.
The News Highlights
- Samsung’s pre-installed applications exposed Galaxy phones to hacking