Google says Samsung phones were targeted by a spy agency
Vulnerabilities were discovered in new Samsung smartphones

Google says it has evidence that a commercial spy agency exploited three zero-day security vulnerabilities found in current Samsung devices.
The vulnerabilities, discovered in Samsung’s proprietary software, were exploited together as part of an attack chain targeting Samsung phones running Android. Chained together, the weaknesses give an attacker root read and write access to the kernel, exposing the data on the device.
According to Google Project Zero security researcher Maddie Stone, the attack chain targets devices with an Exynos processor running a specific kernel version. Most Samsung phones sold in Europe, the Middle East, and Africa use Exynos chips, making these regions the most likely locations of the surveillance targets.
The S10, A50, and A51 were among the Samsung phones using the affected kernel. The flaws were exploited by malicious software that tricked the user into installing it from a location other than the app store. The malware granted the attacker access to the rest of the device’s operating system.
Google has not named the commercial surveillance vendor, but it said the pattern of exploitation is similar to other cases in which Android apps were abused to deliver nation-state spyware.
Samsung patched the affected phones in March 2021, after Google reported the three vulnerabilities to the company in late 2020. Samsung did not disclose at the time that the vulnerabilities were being actively exploited.