Another day, another security scare. I think it would be safe to assume that just about any OS is vulnerable in some area, and it never fails: where there’s a hole, there’s a person who will find it and exploit it. Today, a security vulnerability was found in Samsung Kies — Samsung’s sync and update software tool — that could potentially allow malicious applications to be installed on a user’s device.
Revealed in Andre Moulu’s blog post, a seemingly legitimate app could be downloaded from the Play Store (Angry Birds Cheats, Japanese Squid Girls, etc.) and once installed it could hijack the “install_packages” permission found inside the Samsung Kies application. From there, the malicious app could have a field day installing more applications without the user’s knowledge or input.
According to the pentester who discovered the exploit, the vulnerability was easy to pull off using little more than a few lines of Java. Apparently, this is a common vulnerability found in many system applications that come pre-installed on users’ devices thanks to custom UIs. Of course, something like this could be patched up in a simple over-the-air update, so let’s hope Samsung, HTC, Motorola and other OEMs are listening. Proof of concept video shown below for those interested.
[Sh4ka.fr]
Kies just updated yesterday, maybe they fixed it already ;)
Japanese Squid Girls? Is that like a weird, demented porn thing? LOL
You have a dirty mind… It’s a kids cartoon show O_o
Lol Those Japanese and their shows :D
Some of those anime girls…ahh, nevermind LOL
Well Ika IS good at everything that isn’t invading…
Lmao even I thought it’s something related to porn!!! :P
Haha, curiosity made me look up Japanese Squid Girls, although there were no relevant results in the Play Store :(
Another reason to buy nexus devices.
Nexus ftw son
Any harm in just freezing the Kies app? Or even if you don’t even use Kies, is this a big deal?
I’m not concerned, just wondering.