I keep thinking “this will be the last time I post about a big security hole in a Samsung product”, but Samsung just can’t seem to stop giving me material.
Here’s two more for the pile:
First, the appetizer: Samsung Smart TVs can be remotely exploited
This isn’t an Earth-shattering security hole, since there’s not a lot of valuable data on most Internet connected TVs, however it is possible that this could be used against a TV installed in a company’s waiting area. Then imagine the attacker is able to install a bit of code that lets him pivot from the TV to probe the company’s network for other vulnerabilities. Did the IT department sequester the TV to a safe subnet, or is it just plugged in with everything else?
Now, the main course:
This one’s really bad. The memory location within the kernel has basically no protection on it, so a maliciously crafted app can completely take over the phone or tablet. Details are still emerging at this point, but if the reports are accurate there needs to be a patch issued for this immediately. Of course being an Android issue, the patch will take anywhere between two and eight months to be approved for release by the carriers.
I hadn’t planned on getting any Samsung devices in the near future, but now I’m certain to avoid them.