Bad news for Samsung users: a white hat security researcher has exposed a risky internal application that could potentially brick almost all Samsung phones running Android. Security researcher Robert Baptiste, who famously goes by the name Elliot Alderson, published a blog post detailing a faulty implementation in a Samsung application known as ContainerAgent. This application had a broadcast receiver enabled by default.
A broadcast receiver is an Android component that receives and handles broadcasts for system and application events.
The big details
PoC based on the vulnerability
Baptiste has also released a proof of concept that abuses this flaw. He has created what is known as the ‘Locker Application’.
“In this Proof Of Concept (POC), I send these 2 intents every second. Moreover, after opening this app the 1st time, the app icon will disappear. As a consequence, the device will be inoperable due to this local DoS. Every time the victim will open the SecureFolder app, the container will be locked and every time he will try to use his phone, the phone will come back directly to the first page of the launcher,” said the white hat researcher.