Samsung Spyware Attack: LandFall 0-Day Used WhatsApp Images

by Anika Shah - Technology
0 comments

“`html





<a href="https://www.archynewsy.com/an-immigrant-died-in-one-of-the-three-small-boats-that-have-reached-the-coast-of-almeria/" title="An immigrant died in one of the three small boats that have reached the coast of Almería">LandFall</a> Spyware Targets Samsung Users via WhatsApp

LandFall Spyware targets Samsung Users via WhatsApp

This week has brought concerning cybersecurity news for smartphone users.Following reports of attacks targeting iPhones and active Gmail scams flagged by Google , a new spyware campaign dubbed “LandFall” has been discovered targeting Samsung devices through WhatsApp. This sophisticated attack highlights the ongoing vulnerability of mobile devices to increasingly complex threats.

What is landfall Spyware?

LandFall is a sophisticated spyware developed by a previously unknown entity. It’s designed to infiltrate Android devices, specifically samsung phones, and exfiltrate sensitive data. Unlike many attacks that rely on exploiting zero-day vulnerabilities (previously unknown security flaws), LandFall leverages a supply chain attack, making it particularly insidious. SecurityWeek details the complexity of this approach.

How Does LandFall Work?

The attack chain unfolds as follows:

  1. Compromised WhatsApp call: The attack begins with a missed WhatsApp call. This isn’t a typical call attempt; it’s a vehicle for delivering the malicious payload.
  2. Exploitation of a Samsung Vulnerability: The missed call exploits a vulnerability in Samsung’s firmware. This vulnerability allows the attackers to install the spyware without the user’s knowledge or consent.
  3. Data Exfiltration: Once installed, LandFall silently collects data from the device, including messages, calls, location data, and potentially other sensitive information. This data is then sent back to the attackers.

Crucially, the vulnerability exploited isn’t a zero-day in WhatsApp itself, but rather within the Samsung firmware that processes incoming WhatsApp calls. This makes it a supply chain attack, as the attackers are exploiting a weakness in a third-party component.

Which Samsung Devices are Affected?

While the full scope of affected devices is still being investigated, researchers have confirmed that multiple Samsung devices are vulnerable. The Hacker News reports that devices running Android 11 and later are potentially at risk, with specific models including those from 2020 and 2021. The exact list of affected models is evolving as research continues.

what Data is at Risk?

LandFall is capable of stealing a wide range of sensitive information, including:

  • SMS Messages: Full access to text message content.
  • Call Logs: Records of incoming and outgoing calls.
  • Contacts: The user’s entire address book.
  • Location Data: Real-time and historical location information.
  • Credentials: potentially, usernames and passwords stored on the device.

How to Protect Yourself

Protecting yourself from LandFall and similar threats requires a multi-layered approach:

  • Keep Your Software Updated: Regularly install software updates for your Samsung device. These updates frequently enough include security patches that address known vulnerabilities.
  • Be Cautious of Missed Calls: Be wary of missed calls from unknown numbers, especially if you weren’t expecting them.
  • Install a Mobile Security App: Consider using a reputable mobile security app that can detect and block malware.
  • Review App Permissions: Regularly review the permissions granted to apps on your device. Revoke any unnecessary permissions.

What is Samsung Doing?

Samsung has acknowledged the LandFall spyware and is working to address the vulnerability. Samsung’s official support page provides information and guidance for users. They have released security patches to address the vulnerability in recent updates. Users are strongly encouraged to install these updates as soon as possible.

Key

Related Posts

Leave a Comment