Samsung driver updater spewed all your hardware secrets

Mar 9, 2016 22:13 GMT

Samsung's SW Update Tool needed some patching this spring as a security researcher discovered that it was exposing users to MitM (Man-in-the-Middle) attacks.

Samsung SW Update Tool is your typical vendor driver update tool, a Windows application that works by scanning your Samsung machine and telling you if new updates are available. If users install it on other machines (Dell, HP, etc.), they can also fill in a form, enter their Samsung rig details, and retrieve the latest driver updates to copy to a USB drive and use later on their Samsung device.

According to Joaquín Rodríguez Varela, Senior Security Researcher at Core Security in the CoreLabs Team, the Samsung SW Update tool contains two security-related issues.

Samsung tool was sending your data over the Internet in cleartext

The first is related to the fact that, when contacting Samsung's servers, the SW Update tool sent all the user's information in cleartext.

Anyone watching the network can snoop on this data. The worst-case scenario is when a malicious actor is carrying out reconnaissance operations in order to assess and detect possible targets for future attacks.

Since all the data is sent unencrypted and the data contains information about the user's hardware and driver firmware, the attacker has all they need to plan an attack.

Samsung tool does not verify downloaded drivers for authenticity

This is where the second SW Update Tool vulnerability comes into play: the software doesn't check the authenticity of the driver downloads it receives from Samsung's servers.

"These vulnerabilities in Samsung SW Update Tool could allow a malicious user to read and modify the requests made both by the user and by the Samsung servers and potentially allow such user to infect the victim with a malware [sic] or a remote access tool and gain control over its machine," Mr. Varela told Softpedia.

This scenario is your basic MitM attack, which in today's hacking community is easy to carry out because of the wide use of insecure WiFi networks and the numerous freely available tools that simplify the process.

Samsung fixed both issues

The good thing is that Samsung was on top of their game and fixed all security issues. "After our report, Samsung implemented a ciphered communication between the tool and its servers and also a verification mechanism of the downloaded drivers," Mr. Varela also informed us.

Only Samsung SW Update Tool version 2.2.5.16 was tested for these issues, but the researcher says that other older versions are also more than likely to exhibit the same behavior. Samsung released version 2.2.7.20 to address all the reported problems.
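The two kinds of check described above (encrypted transport and verification of downloaded drivers) can be illustrated from the client side. This is an added example, not Samsung's or Core Security's code; the manifest layout, field names and the example.invalid host are assumptions, and it assumes the manifest's own authenticity (for instance a vendor signature) has already been established.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

class UpdateRejected(Exception):
    """An update failed a transport or integrity check."""

def check_transport(url):
    # First issue: update traffic must not travel in cleartext.
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise UpdateRejected("non-HTTPS download URL")

def check_payload(entry, payload):
    # Second issue: never install bytes that were not verified.
    if len(payload) != entry["size"]:
        raise UpdateRejected("size mismatch")
    digest = hashlib.sha256(payload).hexdigest()
    # Constant-time comparison of the hex digests.
    if not hmac.compare_digest(digest, entry["sha256"].lower()):
        raise UpdateRejected("SHA-256 mismatch")

def try_update(manifest, name, payload):
    """Return 'accepted' or 'rejected: <reason>' for one downloaded file."""
    try:
        entry = manifest.get(name)
        if entry is None:
            raise UpdateRejected("file not listed in manifest")
        check_transport(entry["url"])
        check_payload(entry, payload)
    except UpdateRejected as exc:
        return f"rejected: {exc}"
    return "accepted"

# Constructed sample data: a stand-in driver package and its manifest entry.
GENUINE = b"constructed driver package, build 1"
MANIFEST = {
    "driver.exe": {
        "url": "https://updates.example.invalid/driver.exe",
        "size": len(GENUINE),
        "sha256": hashlib.sha256(GENUINE).hexdigest(),
    }
}

if __name__ == "__main__":
    tampered = b"X" + GENUINE[1:]  # same length, one byte changed in transit
    print(try_update(MANIFEST, "driver.exe", GENUINE))
    print(try_update(MANIFEST, "driver.exe", tampered))
```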

This is not the first security concern discovered in Samsung's SW Update Tool, which in June 2015 was at the center of a controversy after it had been caught disabling Windows Update behind users' backs.