Google Blows Cover On Commercial Spyware Targeting Millions Of Samsung Phones
Spyware built by commercial surveillance firms is often sold to state actors who may deploy the malicious software in targeted attacks on political dissidents or foreign enemies. Earlier this year, Google published an analysis of spyware named “Hermit” that was developed by RCS Labs. Spyware maker NSO Group has also frequently been in the news for its Pegasus spyware, which was found on at least nine phones belonging to members of the US State Department. This sort of commercial spyware can be incredibly potent, often leveraging multiple zero-day vulnerabilities. The spyware exploit chain targeting Samsung phones is no different.
The vulnerabilities leveraged in the exploit chain are specific to phones powered by Samsung’s Exynos SoC (system-on-a-chip) and running kernel 4.14.113. Samsung devices that would fit this description at the time Project Zero discovered the exploit chain include the Galaxy S10 lineup, as well as the A50 and A51. The caveat to this list of devices is that Samsung phones in the Galaxy S family sold in the United States bear Qualcomm’s Snapdragon SoCs. However, regardless of the SoC powering users’ Samsung phones, their devices should now be safe from this exploit chain so long as they’ve kept up with security updates.