Vulnerabilities have been disclosed in the Samsung SNS Provider application

The Dr. Manuel Sadosky Foundation, based in Argentina, revealed the existence of vulnerabilities in the Samsung SNS Provider application for Android that put social media accounts at risk, potentially allowing malicious third-party apps to access photos, status updates, feeds, location and other information, as well as post content on behalf of users without their consent.

The Samsung SNS Provider application is used by Samsung devices to manage social media accounts, including those on Facebook, Twitter, Google+, LinkedIn and Foursquare. It also acts as a link that allows other applications, such as Gallery, to retrieve data and content stored on these websites.

Users are asked to grant full access to the account when they log into a social media account on a Samsung device where SNS Provider is installed.

According to the bulletin, SNS Provider was used monthly by 41 million users as of February 17, 2015. “A malicious application that is granted these permissions could then connect to these services and obtain the credentials required to access a user’s social network account content permanently,” the security bulletin states. “For example, such an application could access the user’s private messages on Facebook using the access token provided by the corresponding SNS Provider service.”

The vulnerable packages are listed below:

•    SNS Provider version older than 1.1.1 on Samsung devices on Android 4.1
•    SNS Provider version older than 1.1.6 on Samsung devices on Android 4.2
•    SNS Provider version older than 1.2.1 on Samsung devices on Android 4.3
•    SNS Provider version older than 1.3.5 on Samsung devices on Android 4.4
•    SNS Provider version older than 1.3.5 on Samsung devices on Android 5.0

The South Korean firm disabled the App ID assigned to SNS Provider on Facebook and Twitter in February, and issued fixed versions of the app with a new ID after the vulnerabilities were reported to Samsung. Users are now protected from malware that uses access tokens obtained via prior versions. Users who are still running vulnerable versions are likely to see expiry or ‘try again’ notices when they log in.

Ehacking Staff