Users ought to upgrade following the discovery of a flaw in Samsung’s software update tool that opens the door to man-in-the-middle attacks.
Security shortcomings in Samsung SW Update Tool, which analyses the system drivers of a computer, were discovered by Core Security. Following the discovery of this vulnerability, Core Security recommended Samsung encrypt and validate the information users download in updates.
Version 22.214.171.124 of the tool was vulnerable, said Joaquín Rodríguez Varela, a senior security researcher on Core Security's CoreLabs Team, who discovered the vulnerability. Flaws in this version of the software amounted to both cleartext transmission of sensitive information and, worse yet, insufficient verification of data authenticity. Together these created the potential for hackers to impersonate Samsung's update servers and serve up dodgy software updates.
Samsung has issued a patched version of the affected software.
Rodríguez commented: "These vulnerabilities in Samsung SW Update Tool could allow a malicious user to read and modify the requests made both by the user and by the Samsung servers and potentially allow such user to infect the victim with malware or a remote access tool and gain control over its machine.
"After our report, Samsung implemented a ciphered communication between the tool and its servers and also a verification mechanism of the downloaded drivers," he added.
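The second half of that fix, checking that a downloaded driver really came from the vendor, is what a cleartext channel with no authenticity check cannot provide. The following is an added example, not Samsung's or Core Security's code: a client-side verification routine that pins the vendor's Ed25519 public key, checks the signature on a small update manifest, and then checks the driver's SHA-256 digest against the signed manifest. The manifest format, key type and driver bytes are constructed for the example; the encrypted transport (TLS with certificate checking) is assumed and not shown.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest describes one driver package as an update server would publish it.
// Constructed for this example; it is not Samsung's real format.
type Manifest struct {
	Name      string
	SHA256    string // hex SHA-256 digest of the driver bytes
	Signature []byte // Ed25519 signature over Name + SHA256, made with the vendor's release key
}

// manifestBytes is the exact byte string the signature covers.
func manifestBytes(m Manifest) []byte { return []byte(m.Name + "\n" + m.SHA256) }

// SignManifest models the vendor's release step; included only so the example runs stand-alone.
func SignManifest(priv ed25519.PrivateKey, name string, driver []byte) Manifest {
	sum := sha256.Sum256(driver)
	m := Manifest{Name: name, SHA256: hex.EncodeToString(sum[:])}
	m.Signature = ed25519.Sign(priv, manifestBytes(m))
	return m
}

// VerifyUpdate is the client-side check the vulnerable tool lacked: the manifest must carry a
// valid signature from the pinned vendor key, and the downloaded driver must hash to the signed digest.
// Either failure means the update must not be installed.
func VerifyUpdate(pinned ed25519.PublicKey, m Manifest, driver []byte) error {
	if !ed25519.Verify(pinned, manifestBytes(m), m.Signature) {
		return errors.New("manifest signature invalid: not signed by the pinned vendor key")
	}
	sum := sha256.Sum256(driver)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return errors.New("driver digest mismatch: payload differs from what the vendor signed")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // stands in for the vendor's key pair
	driver := []byte("constructed driver payload")
	m := SignManifest(priv, "chipset-driver-1.0", driver)
	fmt.Println("genuine download:", VerifyUpdate(pub, m, driver))
	fmt.Println("swapped download:", VerifyUpdate(pub, m, []byte("swapped payload")))
}
```

The pinned public key must ship inside the tool rather than be fetched from the same server, otherwise an on-path attacker who controls the channel can substitute both the key and the update.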
An advisory by Core Security explaining the vulnerability in greater depth can be found here. El Reg invited Samsung's PR representatives to comment on the discovery on Thursday but we've yet to hear back from the South Korean electronics giant.
Core Security notified the electronics giant on 22 January. Samsung, after what would appear to be some foot-dragging, promised to release patches in early March, clearing the way for the researchers to go public with their findings. ®