Tag: Samsung

6 articles

This third article from the Samsung's TrustZone series details some vulnerabilities that were found and how they were exploited to obtain code execution in EL3.

Date Tue 17 December 2019
Authors Alexandre Adamski, Joffrey Guilbon, Maxime Peterlin
Category Reverse-Engineering

In this second blog post of our series on Samsung's TrustZone, we present the various tools that we have developed during our research to help us reverse engineer and exploit Trusted Applications as well as Secure Drivers.

Date Tue 10 December 2019
Authors Alexandre Adamski, Joffrey Guilbon, Maxime Peterlin
Category Reverse-Engineering

In this first article of a series of three, we will give a tour of the different components of Samsung's TrustZone, explain how they work and how they interact with each other.

Date Thu 12 November 2015
Author André Moulu
Category Android

This article explains a recently disclosed vulnerability, independently discovered by the Google's Project Zero team and by Quarkslab some months ago. To our knowledge, this vulnerability was present, on all Samsung devices using Android 5, and allowed remote code execution as system user simply by browsing a website, by downloading an email attachment or via a malicious third party application with no permission.

Date Mon 21 September 2015
Author Jonathan Salwan
Category Android

Multiple kernel vulnerabilities in the Samsung S4 (GT-I9500)

Date Tue 11 November 2014
Author André Moulu
Category Android

UPDATE: A way to patch the vulnerability is provided at the end of the article. We explain a vulnerability found when the Samsung Galaxy S5 was released and patched recently by Samsung. It allows a remote attacker to install an arbitrary application by using an unsecure update mechanism implemented in the UniversalMDMClient application related to the Samsung KNOX security solution. The vulnerability has been patched on the Samsung Galaxy S5 but also Note 4 and Alpha. Yet the Samsung Galaxy S4, S4 mini, Note3 and Ace 4 (and possibly others) are still vulnerable.