Security researcher Roberto Paleari has published a proof-of-concept video

Mar 21, 2013 13:59 GMT  ·  By

Italian security researcher Roberto Paleari has identified a total of 6 security holes in Samsung devices running Android. The flaws, which could be leveraged by an attacker to cause some serious damage, affect both older models such as Galaxy Tab GT-P1000 and newer devices such as the Galaxy S3.

The issues have been reported to Samsung in January, but since it’s taking the company too long to address them, the expert has decided to publicly reveal their existence.

According to Paleari, all the vulnerabilities can be exploited from an unprivileged local application. Attackers can hide malicious code inside an apparently-harmless application that they can distribute via Google Play or other app markets.

The expert highlights the fact that the vulnerabilities he has identified don't plague Android. Instead, they’re caused by “Samsung-specific software and customizations.”

Two of the vulnerabilities can be leveraged to silently install highly privileged apps without requiring any user interaction. A different issue can be exploited by an attacker to send SMS messages without requiring the android.permission.SEND_SMS permission.

Another vulnerability can be used to silently make phone calls, send emails and SMSs, and perform “almost any action.”

Other flaws can be used to change the settings on a device without the victim’s knowledge or consent.

“The ability to silently install privileged applications or to send SMS messages are quite appealing tasks for mobile malware authors and, to make things even worse, most of the issues I reported to Samsung are also pretty easy to find. As a consequence, I won't be surprised to find some malware in the wild that exploits these or similar vulnerabilities,” Paleari noted.

“Considering that most of these bugs can be fixed quite easily, without any drastic change to the device software, I admit that I was expecting a quick patch from Samsung. However, two months were not enough even to start the development of a security fix, and I don't think any patch will be released anyway soon,” he added.

“I really think Samsung cares about the security of its customers, but probably its vulnerability handling procedure should be revised a little bit.”

Here is a video POC published by Paleari: