It’s no secret some Android devices may have a security hole or two, but what about a device’s software application on a desktop computer? Well apparently, Samsung’s Kies desktop software contains a security vulnerability which could allow malicious applications to be installed and may affect devices such as your brand-new Samsung Galaxy S III smartphone. As highlighted in Andre Moulu’s blog post, what looks like an official or legitimate app could be downloaded from the Play Store (Angry Birds Cheats, Japanese Squid Girls, etc.) for use. As a user installs the certain apps, the apps could manipulate and overtake the install_packages permission found inside the Samsung Kies application. Once the action is done, the malicious app or apps could then have an even further effect by installing more applications without the user being fully aware.
The scary thing is how simple the security vulnerability is pronounced. It seems the vulnerability was easy to pull off using little more than a few lines of Java and more specifically— this is a common vulnerability found in many system applications that come pre-installed on users’ devices thanks to custom UIs. Let’s hope Samsung (and all of the other smartphone manufacturers for that matter) will take note of this and take preventative measures to protect their devices… and quickly.
If you’re ready to see the vulnerability in action, be sure to hit the break in order to see the video.
» Read the rest