Samsung patched its SW Update Tool after it exposed users to Man-in-the-Middle (MitM) attacks.
Samsung SW Update Tool is a Windows application that works by scanning a Samsung machine and informing the user if new updates are available.
If users install it on other machines, they can also fill in a form, enter their Samsung details, and retrieve the latest driver updates to copy on a USB drive and use later, on their Samsung device.
The Samsung SW Update tool contains two security-related issues, said Joaquín Rodríguez Varela, Senior Security Researcher at Core Security in the CoreLabs Team.
The first is when contacting Samsung’s servers, the SW Update tool sends the user’s information in cleartext.
Anyone watching the network can snoop on this data. The worst-case scenario is when a malicious actor is carrying out reconnaissance operations in order to assess and detect possible targets for future attacks.
Since all the data contains information about the user’s hardware and driver firmware and ends up unencrypted, the attacker has all they need to plan an attack.
In the second vulnerability, the software doesn’t check for the data’s authenticity after it receives the driver downloads from Samsung’s servers.
This scenario is your basic MitM attack, which is easy to carry out because of the wide use of insecure WiFi networks and the numerous freely available tools that simplify the process.
The good thing is Samsung was on top of their game and fixed all security issues.
Samsung released version 18.104.22.168 to address all the reported problems.