Samsung Galaxy S3 Vulnerability Exposed – Kies Software To Blame

Another day, another security scare. I think it would be safe to assume that just about any OS is vulnerable in some area, and it never fails: where there’s a hole, there’s a person who will find it and exploit it. Today, a security vulnerability was found in Samsung Kies — Samsung’s sync and update software tool — that could potentially allow malicious applications to be installed on a user’s device.

As revealed in Andre Moulu’s blog post, a seemingly legitimate app could be downloaded from the Play Store (Angry Birds Cheats, Japanese Squid Girls, etc.) and, once installed, it could hijack the “install_packages” permission found inside the Samsung Kies application. From there, the malicious app could have a field day installing more applications without the user’s knowledge or input.

According to the pentester who discovered the exploit, the vulnerability was easy to pull off using little more than a few lines of Java. Apparently, this is a common vulnerability found in many system applications that come pre-installed on users’ devices thanks to custom UIs. Of course, something like this could be patched up in a simple over-the-air update, so let’s hope Samsung, HTC, Motorola and other OEMs are listening. Proof of concept video shown below for those interested.



  • Marius Oprisan

    Kies just updated yesterday, maybe they fixed it already ;)

  • socalrailroader

    Japanese Squid Girls? Is that like a weird, demented porn thing? LOL

    • Chris Chavez

      You have a dirty mind… It’s a kids cartoon show O_o

      • socalrailroader

        Lol Those Japanese and their shows :D

        • socalrailroader

          Some of those anime girls…ahh, nevermind LOL

      • Shatner

        Well Ika IS good at everything that isn’t invading…

    • Mark phillips

      Lmao even I thought it’s something related to porn!!! :P

  • d1m1m1

    Haha curiosity made me look up Japanese Squid Girls, although there were no relevant results in the play store :(

  • Sondrek17

    Another reason to buy nexus devices.

  • IronHorse01

    Nexus ftw son

  • Ken Bosse

    Any harm in just freezing the Kies app? Or even if you don’t even use Kies is this a big deal?
    I’m not concerned just wondering.

  • wushang681

    welcome to the