March 21, 2013

All of the vulnerabilities can be exploited without privilege and according to Paleari, stem from “Samsung-specific software and customizations.” Paleari said two of the vulnerabilities can be used to silently install highly privileged applications without user interaction while another allows attackers to send SMS messages without permission


Paleari said he informed Samsung in mid-January shortly after he found the bugs and still hasn’t heard from the South Korean company about a fix. Instead, Paleari writes that Samsung did contact him on Feb. 20 and requested he delay public disclosure, insisting that “any patches [Samsung] develops must first be approved by the network carriers.”

This system is completely broken.

Weiran Zhang

Written by Weiran Zhang who lives and works in Nottingham. You should follow him on Twitter.