
Samsung phones can be taken over due to critical vulnerability in MMS messages – Scammed?!

Do you have a Samsung smartphone? All Samsung devices released in the last five years contain a critical vulnerability that makes it relatively easy for attackers to take them over. The attacker only needs to send an MMS (Multimedia Messaging Service) message. Although Samsung has released updates, not all devices will actually receive these updates.

At the root of this vulnerability are two custom image file formats, QM and QG (also known as Qmage). You can recognize these files by the extension .qmg. Sometime in the second half of 2014, Samsung added support for these file formats to the Android operating system, Security.nl reports.

This vulnerability was discovered by a Google security researcher, Mateusz Jurczyk.

Run arbitrary code via specially prepared file

But how exactly does it work? An attacker who sends a specially prepared Qmage file can basically execute arbitrary code on the recipient’s device. Since an MMS message requires no additional action by the receiving party, it is an ideal attack tool. Just receiving the MMS message is sufficient: the user does not have to confirm anything, click on anything or otherwise interact in any way.

To do so, the so-called ASLR protection must be circumvented. ASLR stands for Address Space Layout Randomization. In short, this is a security technique that aims to prevent exploitation of memory vulnerabilities. According to security researcher Jurczyk, circumventing this protection is the most difficult part of the attack, but it has certainly proved possible.

Jurczyk has posted a demonstration video of this attack, which shows how the attacker takes control of the victim’s device, can view photos and text messages, and can also launch arbitrary apps. This can be seen below.

To successfully exploit this vulnerability, the attacker must send between fifty and three hundred so-called MMS “probes” to a device. On average, the attack would succeed after a hundred attempts. When such a malicious message is received, the Messages app crashes. On Android devices, a program is restarted after a minute after several crashes, Security.nl reports.

If you are using your phone at the time, you will notice that something is not quite right. However, if attackers try this at night, you may become a victim of this attack unnoticed because you are sleeping.
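The repeated Messages crashes described above can be looked for in a device log after the fact. The following is an added example, not code from the article or from Jurczyk's research: it clusters native-crash entries for the Messages app in `logcat -v threadtime` output. The package name, the sample log lines, the gap and the threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumption: package name of the Messages app; change it for the device under review.
MESSAGES_PKG = "com.samsung.android.messaging"
# Header line of a native crash dump as it appears in `logcat -v threadtime`.
CRASH_RE = re.compile(
    r"^(\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+\d+\s+\d+ F DEBUG\s*: pid: \d+,.*>>> (\S+) <<<")

def crash_times(lines, pkg=MESSAGES_PKG, year=2020):
    """Timestamps of native crashes of `pkg` (logcat lines carry no year)."""
    out = []
    for line in lines:
        m = CRASH_RE.match(line)
        if m and m.group(2) == pkg:
            out.append(datetime.strptime(f"{year}-{m.group(1)}", "%Y-%m-%d %H:%M:%S"))
    return sorted(out)

def crash_bursts(times, max_gap=timedelta(minutes=5), threshold=10):
    """Cluster crashes spaced <= max_gap apart; keep clusters of >= threshold.
    Both values are assumptions, set well below the 50-300 probes cited above."""
    bursts, run = [], []
    for t in times:
        if run and t - run[-1] > max_gap:
            if len(run) >= threshold:
                bursts.append((run[0], run[-1], len(run)))
            run = []
        run.append(t)
    if len(run) >= threshold:
        bursts.append((run[0], run[-1], len(run)))
    return bursts

def _line(ts, pkg):
    return (f"{ts:%m-%d %H:%M:%S}.120  4321  4350 F DEBUG   : "
            f"pid: 4321, tid: 4350, name: worker  >>> {pkg} <<<")

# Constructed sample log: 12 Messages crashes 90 s apart at night, one isolated
# daytime crash, one crash of an unrelated (made-up) app, one non-crash line.
_t0 = datetime(2020, 5, 7, 2, 0, 0)
SAMPLE = [_line(_t0 + timedelta(seconds=90 * i), MESSAGES_PKG) for i in range(12)]
SAMPLE += [_line(datetime(2020, 5, 7, 14, 0, 0), MESSAGES_PKG),
           _line(datetime(2020, 5, 7, 2, 3, 0), "com.example.other"),
           "05-07 02:03:01.000  1000  1000 I ActivityManager: unrelated line"]

if __name__ == "__main__":
    for start, end, n in crash_bursts(crash_times(SAMPLE)):
        print(f"{n} Messages crashes between {start} and {end}")
```

A single isolated crash is ignored; only a sustained run of crashes of the same app is reported.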

Samsung labels the vulnerability as critical

On January 28 this year, Samsung was notified of this attack method, and the electronics giant labeled the vulnerability as “critical.” Security updates have been released, but not every device will actually receive them.

Is your device no longer receiving security updates? Then you can disable the functionality with which multimedia messages are automatically retrieved.

Open Messages > At the top right, tap the symbol with the three vertical dots > Go to Settings > Go to Advanced > Move the slider for Auto-download MMS to off.

More on WikiHow.

Source: Google / Samsung / Security.nl / WikiHow
