US, WASHINGTON (ORDO NEWS) — Google’s cybersecurity experts have identified a dangerous vulnerability in Samsung’s Android firmware that allows cybercriminals to “steal” a smartphone by sending an image via MMS. A critical bug affects all Galaxy devices sold since 2014.
According to Google Project Zero specialist Mateusz Jurczyk, the bug is related to how the Skia library in Samsung’s Android firmware processes Qmage files (.qmg) – the company’s own graphic format introduced in 2014.
The essence of the attack is that the hacker first sends several MMS messages with embedded pictures into which the malicious code is encrypted. When these images are transferred to Skia, Yurchik explained, the MMS message tries to calculate the location of the library in Android memory. Then the “bad” code, embedded in the Qmage file, is launched, which gives the cybercriminal full access to the victim’s device.
The vulnerability is dangerous in that no action on the part of the user is required. As SlashGear notes , he doesn’t even need to open an MMS message to be attacked.
Samsung has already fixed a bug in the latest patch (SMR-MAY-2020). Owners of all modern Galaxy smartphones are strongly advised to check for an update manually.
Contact us: [email protected]