Google says it has evidence that a commercial surveillance vendor was exploiting three zero-day security vulnerabilities found in newer Samsung smartphones.
The vulnerabilities, discovered in Samsung’s custom-built software, were used together as part of an exploit chain to target Samsung phones running Android. The chained vulnerabilities allow an attacker to gain kernel read and write privileges as the root user, and ultimately expose a device’s data.
Google Project Zero security researcher Maddie Stone says that the exploit chain targets Samsung phones with an Exynos chip running a specific kernel version. Samsung phones are sold with Exynos chips primarily across Europe, the Middle East, and Africa, which is likely where the targets of the surveillance are located.
Stone says Samsung phones running the affected kernel at the time include the S10, A50, and A51.