NowSecure Announces New ioXt Compliance Solution for IoT-Connected Mobile Apps and Mobile VPNs
Contact Us Test Your App

Deliver Secure Mobile Apps Faster

Corrupdate Vulnerability – Samsung patches flaw discovered by NowSecure

corrupdate vulnerability

Corrupdate Vulnerability – Samsung patches flaw discovered by NowSecure

Last year, NowSecure mobile security researchers Jake Van Dyke and Ryan Welton discovered two major vulnerabilities affecting nearly 80% of Samsung devices, or about one-third of all Android devices. Dubbed TCorrupdateU, these vulnerabilities affect devices including the flagship Galaxy S5 and Note 4 phones and 200+ total Samsung phone and tablet models.

Nearly 80% of Samsung devices, or about one-third of all Android devices, are affected.

NowSecure reported these issues to Samsung to help them create a patch and ensure users would be protected. Samsung recently released a patch, and NowSecure confirmed the patch appears to be effective. To confirm whether your device is patched and improve your mobile security score, install NowSecure Mobile.

To learn how users can protect themselves, and read a technical deep-dive on the vulnerability, read our technical breakdown by NowSecure researcher Jake Van Dyke.

Recommendations

  • Check your app version
    For Samsung Account and GALAXY Apps (or Samsung Apps). Details on which versions are patched provided in our technical breakdown
  • Update the app
    Open the affected app while using a trusted network and accept the update from Samsung. Read the technical breakdown for more details.
  • Disable the app through your system settings (Android 4.0 or higher only)
    Note: patched versions will not automatically re-enable themselves. You will need to re-enable manually. Steps to disable vary by device.
  • Download a security app that informs you if you are vulnerable or secure.
    NowSecure Mobile can tell you if you have a vulnerable or a patched version, and can inform you if you have other known vulnerable apps on your device as well.

To be alerted if you’re affected, install NowSecure Mobile for Android

NowSecure Mobile is also available for iOS.

Who is Affected?

There are two vulnerable apps, each with several vulnerable versions, affecting 200+ vulnerable Samsung device models. Overall, this affects nearly 80% of Samsung devices, or about one-third of all Android devices.

What’s the Risk?

The flaws were found in two system apps that come pre-installed on many devices: Samsung Account and GALAXY Apps (sometimes shown as Samsung Apps or Samsung Updates). In both cases, an auto-update feature could enable a network attacker to install malware on the device, without action by the user.

Although most users do not directly use these affected apps, it is important to note that the update feature is automatic, and in some cases would prompt the user to install an update. Unless the user actively disables the app – they cannot normally uninstall – it would remain on the device and vulnerable to attack.

If exploited, the attacker could replace the update with a malicious apk that would be installed by the system in place of the genuine update. If the user runs the malware app, it could attempt to steal data, track activity or perform other attacks.

This remote attack affecting millions of devices requires only a network position to attack, such as being on an insecure Wi-Fi access point. Furthermore, the attack does not change from device to device, so attacker could target many kinds of Samsung phones or tablets.

This clear risk illustrates the danger posed by vulnerable apps running on personal and enterprise devices, part of the SCAN principle of mobile security.

 

Get the latest news and updates!

Sign up for our All Things Mobile DevSecOps Newsletter

Sign me up!
Ted Eull

About Ted Eull

linkedin icon twitter icon

VP of Risk and Privacy at NowSecure

Ted directs company risk, privacy, and security initiatives to ensure success of the growing company and NowSecure mobile security platform.

PRIVACY DISCLOSURE: NowSecure uses first party and third party cookies to provide functions of this website and our services, to uniquely identify visitors, to analyze use of our website, and to target our marketing. You can choose to block cookies using your browser settings. By continuing to use our website or services you indicate your agreement. To learn more about the cookies we use and how we may collect and use your personal data, visit our Privacy Policy

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close