Security Research

Local Japanese team exploits mobile applications to install malware on Samsung Galaxy S4

Heather_Goudey ‎11-12-2013 11:04 PM - edited ‎11-13-2013 03:38 AM

Japan’s very own Team MBSD, of Mitsui Bussan Secure Directions, Inc., have demonstrated exploits against several applications installed by default on the Samsung Galaxy S4. Combined, these bugs allow the covert installation of a malicious application and the theft of sensitive data. The spoils for their hard work? A cool $40,000.

 

This team exploited multiple apps installed by default on the Samsung Galaxy S4 to install malware and steal confidential data. For the exploit to succeed, the affected user must first be lured to an attacker-controlled malicious website. From there, however, no further user interaction is required, and an attacker can install arbitrary applications of their choice with system-level privileges on the user’s device.

In this case, the payload was the capture and exfiltration of sensitive data including the affected user’s contacts, bookmarks, browsing history, screenshots and SMS messages.

 

The implications of this exploit are worrisome. While you may be reluctant to click on links (heeding the commonly given, if somewhat ridiculous, advice to ‘click carefully’), it is unlikely that you assess risk and use caution the same way on your mobile devices as you do on your desktop. The message here, however, is clear: mobile platforms are vulnerable to the same or very similar methods of malware distribution that plague the desktop, and you would be wise to take heed.

This vulnerability was disclosed to Samsung in the chamber of disclosures and they will be working to address it.
