comscore Samsung patches zero-click security vulnerability | BGR India
News

Samsung patches zero-click security vulnerability that affected all smartphones sold since 2014

The security flaw was discovered in February by Google's Project Zero team and has been patched by Samsung with May security update.

  • Updated: May 7, 2020 1:38 PM IST
samsung logo stock

Samsung has patched a zero click vulnerability affecting all of its smartphones sold since 2014. The South Korean giant released a security patch this week that brings a critical fix for its devices. The security flaw was first brought to light by a security researcher with Google’s Project Zero team. The flaw resides in how Samsung’s version of Android OS handles the custom Qmage image format (.qmg). Samsung started supporting this custom image format on all devices released since late 2014. Also Read - Samsung Galaxy Z Flip and Galaxy S20 Mother's Day deals revealed; Here are the details

Mateusz Jurczyk, a security researcher with Google’s Project Zero team, discovered a way to exploit the vulnerability. The vulnerability exploits how Skia (the Android graphics library) handles Qmage images sent to a device. Jurczyk says the Qmage bug can be exploited without user interaction leading to a zero-click scenario. This happens because Android redirects all images sent to a device to the Skia library for processing without a user’s knowledge. Also Read - Samsung announces ‘Stay Home, Stay Happy’ pre-book offers on TVs and more

Samsung fixes a critical bug

According to ZDNet, the researcher developed a proof-of-concept demo exploiting the bug against the Samsung Messages app. The app included on all Samsung devices, is responsible for handling SMS and MMS messages. The researcher exploited the bug by sending repeated MMS messages to a Samsung device. Each message attempts to guess the position of the Skia library in the Android phone’s memory. This is a necessary operation to bypass Android’s ASLR (Address Space Layout Randomization) protection. Also Read - Samsung Galaxy S20 series pre-booked customers get Rs 4,000 E-voucher; check details

Jurczyk further notes that once the Skia library is located in memory, a last MMS delivers the actual Qmage payload. It then executes the attacker’s code on a device. The researcher also notes that the attack usually needs between 50 and 300 MMS messages to probe and bypass the ASLR. In other words, it will take around 100 minutes to execute the attack. While it might look noisy and time consuming, the researcher adds that it can be done without alerting the user.

“I have found ways to get MMS messages fully processed without triggering a notification sound on Android, so fully stealth attacks might be possible,” the Google researcher told ZDNet. The researcher reportedly discovered the bug in February and reported the same to Samsung. The company has now patched the bug with the release of May 2020 security updates. The bug is tracked as SVE-2020-16747 in the Samsung security bulletin. In the Mitre CVE database, the bug is tracked as CVE-2020-8899. Other smartphones don’t seem to be impacted by this Qmage image format bug.

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel. Also follow us on  Facebook Messenger for latest updates.
  • Published Date: May 7, 2020 1:34 PM IST
  • Updated Date: May 7, 2020 1:38 PM IST



new arrivals in india

Micromax In 2b
Micromax In 2b

8,999

Vivo Y72 5G
Vivo Y72 5G

20,990

Tecno Camon 17
Tecno Camon 17

12,999

Tecno Camon 17 Pro
Tecno Camon 17 Pro

16,999

Realme C11 2021
Realme C11 2021

6,999

Oppo Reno6 Pro 5G
Oppo Reno6 Pro 5G

39,990

Oppo Reno6 5G
Oppo Reno6 5G

29,990

Samsung Galaxy M21 2021
Samsung Galaxy M21 2021

12,499

OnePlus Nord 2
OnePlus Nord 2

27,999

Poco F3 GT
Poco F3 GT

27,999

Samsung Galaxy A22 5G
Samsung Galaxy A22 5G

19,999

Xiaomi Redmi Note 10T 5G
Xiaomi Redmi Note 10T 5G

13,999

Samsung Galaxy F22
Samsung Galaxy F22

12,499

Xiaomi Mi 11 Lite
Xiaomi Mi 11 Lite

21,999

Infinix Note 10 Pro
Infinix Note 10 Pro

16,999

Infinix Note 10
Infinix Note 10

10,999

Vivo Y73
Vivo Y73

20,990

OnePlus Nord CE 5G
OnePlus Nord CE 5G

22,999

iQOO Z3
iQOO Z3

19,990

Realme C25s
Realme C25s

9,999

Poco M3 Pro 5G
Poco M3 Pro 5G

13,999

Realme X7 Max 5G
Realme X7 Max 5G

26,999

Oppo F19
Oppo F19

18,990

Motorola Moto G40 Fusion
Motorola Moto G40 Fusion

13,999

POCO M2 Reloaded
POCO M2 Reloaded

9,499

OPPO A74 5G
OPPO A74 5G

17,990

Oppo A53s 5G
Oppo A53s 5G

14,990

Vivo V21 5G
Vivo V21 5G

29,990

Realme C25
Realme C25

9,499

Realme C21
Realme C21

7,999

Realme C20
Realme C20

6,799

Motorola Moto G60
Motorola Moto G60

17,999

iQOO 7
iQOO 7

31,990

Samsung Galaxy M42 5G
Samsung Galaxy M42 5G

21,999

Xiaomi Mi 11 Ultra
Xiaomi Mi 11 Ultra

69,999

Xiaomi Mi 11X Pro 5G
Xiaomi Mi 11X Pro 5G

39,999

Xiaomi Mi 11X
Xiaomi Mi 11X

29,999

Realme 8 5G
Realme 8 5G

13,999

Samsung Galaxy F02s
Samsung Galaxy F02s

8,999

Samsung Galaxy F12
Samsung Galaxy F12

10,999

POCO X3 Pro
POCO X3 Pro

18,999

Realme 8 Pro
Realme 8 Pro

17,999

Realme 8
Realme 8

14,999

Vivo X60 Pro Plus
Vivo X60 Pro Plus

69,990

Vivo X60 Pro
Vivo X60 Pro

49,990

Vivo X60
Vivo X60

37,990

OnePlus 9 Pro 5G
OnePlus 9 Pro 5G

64,999

OnePlus 9R 5G
OnePlus 9R 5G

39,999

OnePlus 9 5G
OnePlus 9 5G

49,999

Samsung Galaxy A72
Samsung Galaxy A72

34,999

Samsung Galaxy A52
Samsung Galaxy A52

26,499

Micromax In 1
Micromax In 1

10,499

Asus ROG Phone 5
Asus ROG Phone 5

49,999

Samsung Galaxy M12
Samsung Galaxy M12

10,999

Motorola Moto G30
Motorola Moto G30

10,999

Motorola Moto G10 Power
Motorola Moto G10 Power

9,999

Oppo F19 Pro Plus 5G
Oppo F19 Pro Plus 5G

25,990

Oppo F19 Pro
Oppo F19 Pro

21,490

Xiaomi Redmi Note 10 Pro Max
Xiaomi Redmi Note 10 Pro Max

18,999

Xiaomi Redmi Note 10 Pro
Xiaomi Redmi Note 10 Pro

15,999

Xiaomi Redmi Note 10
Xiaomi Redmi Note 10

11,999

Realme Narzo 30A
Realme Narzo 30A

8,999

Realme Narzo 30 Pro
Realme Narzo 30 Pro

16,999

Infinix Smart 5
Infinix Smart 5

7,199

Samsung Galaxy F62
Samsung Galaxy F62

23,999

Samsung Galaxy A12
Samsung Galaxy A12

12,999

Nokia 5.4
Nokia 5.4

13,999

Nokia 3.4
Nokia 3.4

11,999

Realme X7 Pro 5G
Realme X7 Pro 5G

29,999

Realme X7
Realme X7

19,999

Vivo Y31
Vivo Y31

16,490

Oppo Reno5 Pro 5G
Oppo Reno5 Pro 5G

35,990

Samsung Galaxy S21 Ultra 5G
Samsung Galaxy S21 Ultra 5G

1,05,999

Samsung Galaxy S21 Plus 5G
Samsung Galaxy S21 Plus 5G

81,999

Samsung Galaxy S21 5G
Samsung Galaxy S21 5G

69,999

Vivo Y12s
Vivo Y12s

9,990

Vivo Y51A
Vivo Y51A

17,990

Samsung Galaxy M02s
Samsung Galaxy M02s

8,999

Xiaomi Mi 10i
Xiaomi Mi 10i

21,999

Oppo A15s
Oppo A15s

11,490

Tecno Spark 6 Go
Tecno Spark 6 Go

8,499

Vivo V20 2021
Vivo V20 2021

24,990

Vivo Y20A
Vivo Y20A

11,490

Xiaomi Redmi 9 Power
Xiaomi Redmi 9 Power

11,999

Motorola Moto G9 Power
Motorola Moto G9 Power

11,999

Motorola Moto G 5G
Motorola Moto G 5G

20,999

Vivo V20 Pro
Vivo V20 Pro

29,990

Xiaomi Mi 10T
Xiaomi Mi 10T

35,999

Xiaomi Redmi 9i
Xiaomi Redmi 9i

8,299

Xiaomi Mi 10T Pro
Xiaomi Mi 10T Pro

39,999

Infinix Hot 10
Infinix Hot 10

9,999

Vivo V20 SE
Vivo V20 SE

20,990

Vivo V20
Vivo V20

24,990

Micromax In 1b
Micromax In 1b

6,999

Micromax In Note 1
Micromax In Note 1

10,999

OnePlus 8T
OnePlus 8T

42,999

Samsung Galaxy F41
Samsung Galaxy F41

15,499

Best Sellers