Alphabet IncGOOGGOOGL Google Project Zero security researcher Maddie Stone said a commercial surveillance vendor exploited three zero-day security vulnerabilities found in newer Samsung Electronics Co, LtdSSNLFsmartphones.
He said the exploit chain targets Samsung phones with an Exynos chip running a specific kernel version.
The chained vulnerabilities allow attackers to gain kernel read and write privileges as the root user and ultimately expose a device’s data.
Samsung phones were available with Exynos chips primarily across Europe, the Middle East, and Africa, the likely location of the surveillance targets.
Stone said Samsung phones running the affected kernel at the time include the S10, A50, and A51.
The flaws, since patched, were exploited by a malicious Android app, tricking users into installing from outside of the app store.
The malicious app allows the attacker to escape the app sandbox designed to contain its activity and access the rest of the device’s operating system.
The exploitation follows a pattern similar to recent device infections, which compromised malicious Android apps to deliver powerful nation-state spyware, TechCrunch reports.
Earlier this year, security researchers discovered Hermit, an Android and iOS spyware developed by RCS Lab and used in targeted attacks by governments, with known victims in Italy and Kazakhstan.
Hermit relied on tricking a target into downloading and installing the malicious app and silently stole the victim’s data.
Google began notifying compromised Android device users of Hermit’s attack.
Google reported the three vulnerabilities to Samsung in late 2020, and Samsung rolled out patches to affected phones in March 2021.
Stone said that Samsung has since committed to begin disclosing when vulnerabilities are actively exploited, following Apple Inc AAPL and Google.
Price Action: GOOG shares traded higher by 0.756 5% at $94.70 premarket on the last check Friday.
