Football

Security Researchers Discover Multiple Vulnerabilities in Samsung Galaxy App Store, What You Need to Know

The key to any malware campaign is getting malicious code onto a targeted device, and attackers will often use a legitimate app store as a vector. Samsung’s Android smartphones ship with the Google Play Store, which has been home to its fair share of malware over the years, as well as the less popular Galaxy App Store. NCC Group security researchers found a couple of flaws in Samsung’s app store that opened up devices to malware infection. The exploits have been fixed, but outdated devices are still at risk.

Like the Play Store, Samsung’s Galaxy App Store has privileged access to the system, allowing you to install and update apps without forcing the user to jump through hoops. Samsung distributes many of its own apps and services through this store, and third-party apps are listed. The first exploit (CVE-2023-21433) takes advantage of installation attempts, which were not handled securely. With physical access to the device, an attacker could tell a device to download an app from the store and open it without security checks. NCC released a proof of concept consisting of an ADB (Android Debug Bridge) command.

The second vulnerability (CVE-2023-21434) goes a step further and allows the attacker to execute arbitrary JavaScript code on the device. Again, this happens because the Samsung app store has special access to the system. The proof of concept provided by NCC is simply a hyperlink that loads malicious JavaScript. It turns out that the only security on web views in the Galaxy App Store is a filter that looks for the domain “player.glb.samsung-gamelauncher.com”. However, an attacker can simply add it as a subdomain to any site, and the phone will happily run the code.

Samsung CVE Example
replacement of with a domain controlled by an attacker causes an unpatched Samsung to execute any JavaScript present.

So, that’s not great, but there is good news (and some bad news). NCC Group reported the issue to Samsung, and a new Galaxy App Store version (4.5.49.8) was rolled out this month to fix both flaws. Also, Google’s new security measures in Android 13 will block these exploits. Unfortunately, only newer Samsung devices will see Android 13, so they could still be vulnerable at the system level, and devices that don’t get regular security updates might not have the app store client up to date. If you’re using a Samsung phone, it’s a good idea to make sure your system software and the Galaxy App Store are fully up to date. Even if you don’t need a system update, opening the Galaxy App Store should offer the option to update the client itself.

Leave a Comment