Samsung hasn’t fixed GPU Mali security flaw on Galaxy phones for over a year

Google’s Threat Analysis Group (TAG) revealed on Wednesday (29) that a critical security flaw discovered over a year ago has still not been fixed by Samsung. The vulnerability allows information to be leaked by malicious agents through the ARM Mali GPU driver, present in several chips used by the brand.

ARM released a patch for the Mali GPU kernel in January 2022. Phone, tablet and other device makers had about eight months to provide a fix for the zero-day vulnerability before it went public, but the South Korean company does not appear to have made the appropriate changes to its Galaxy devices.

Tracked as CVE-2022-22706, the security flaw was discovered by cybersecurity researchers at Google’s Project Zero. At the time, it was found that the vulnerability was being actively exploited by hackers, which increased the urgency of fixes for the kernel driver of Mali GPUs.

It is important to note that all cell phones and tablets with Samsung or MediaTek chips have a Mali GPU — except for the Galaxy S22, Galaxy S22 Plus and Galaxy S22 Ultra, which use the Xclipse 920 GPU based on AMD’s RDNA 2 architecture. Devices with Qualcomm hardware, such as the Galaxy S23, are not at risk.

TAG claims that an exploit chain was identified in December of last year, and it included libraries to decrypt and capture data from various messaging and web browsing apps. Samsung Internet was vulnerable to these attacks, but the manufacturer fixed the holes in an update to version 19.0.6 (or newer).

The problem is that the security flaw still exists at the system level, so the ARM Mali GPUs of millions of Galaxy phones are still vulnerable to attacks in their kernel. Hackers could develop new ways to exploit the hardware security hole without relying on Samsung Internet.

Security flaw allows file theft

According to TAG experts, an exploit chain for the security flaw was identified in December 2022. Spyware written in C++, which included libraries to decrypt and capture data from various messaging and web browsing applications, could grant intruders access to the system.

The last year has been marked by the growth of malware reports around the world. One of the most frequent types of attacks was the attempt to steal victims’ bank details, according to a survey carried out by Kaspersky. Around 400,000 new threats are created daily, according to estimates.

Samsung has yet to comment on the matter.

(updated March 30, 2023 at 9:50 am)
Abraham