A mobile security startup has found seven vulnerabilities in Samsung’s preinstalled mobile apps that, if misused, would have given attackers broad access to a victim’s personal data.
Russia-based Oversecured said the vulnerabilities were found in multiple apps and components bundled with Samsung phones and tablets. Over-assured founder Sergey Toshin told TechCrunch that the vulnerabilities on a Samsung Galaxy S10 + have been verified, but that all Samsung devices could potentially be affected as the burned-in apps are responsible for system functionality.
Toshin said the vulnerabilities could have allowed a malicious app on the same device to steal a victim’s photos, videos, contacts, call recordings and messages and change settings “without user consent or notification” by changing the permissions of Samsung’s default apps were kidnapped.
One of the flaws could have allowed data to be stolen by exploiting a vulnerability in Samsung’s Secure Folder app that created a “large …