Samsung Fixes MiTM Flaw in Software Update Utility

Vulnerability in Samsung’s SW Update Tool Exposes Systems to Man-in-the-middle Attacks

Samsung has released an update for its SW Update Tool that resolves a man-in-the-middle (MiTM) vulnerability affecting Windows-based laptops.

Designed to analyze the system drivers of a computer and install relevant software, Samsung’s SW Update Tool was found to include a flaw that could result in integrity corruption of the transferred data, as well as in information leak and arbitrary code execution.

According to researchers from Core Security, the tool does not perform appropriate verification of the packages it downloads on the target computer. This remotely exploitable vulnerability was found and tested on version of the SW Update Tool, but other products and versions might be affected too, researchers say.

The SW Update Tool can be used on both Samsung and non-Samsung machines to determine which updates users should install. On some Samsung systems, the tool can automatically detect the model of hardware, while on others, as well as on non-Samsung computers, it requires the user to specify the model they would like to download drivers for.

To perform updates, the tool uses an XML file that includes the name and model ID for which the drivers are being requested, as well as a tag called ‘FURL,’ which holds the URL of the file that will be downloaded and executed by the application, Core Security explained.

Once the necessary files are found, the user is presented with the available driver updates and, after they have been downloaded, can launch an automatic install process from within the SW Update Tool. However, the SW Update Tool does not verify the downloaded files.

Although there are a series of “controls” within the XML file, an attacker could easily disable them by manipulating the file, while also being able to modify the returning XML file to achieve code execution on the victim’s machine.
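The checks an update client should make before executing a package, written here as an added example (not Samsung's or Core Security's code): the manifest follows the FURL layout the article describes, while the `SHA256` element, the allow-listed host, and the package bytes are constructed for illustration.

```python
"""Verification an update client should perform before executing a downloaded package.

Added example, not Samsung's or Core Security's code. The manifest uses the FURL tag the
article describes; the <SHA256> element, host allow-list and package bytes are constructed.
"""
import hashlib
import hmac
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed placeholder: only the vendor's own update host may serve packages.
ALLOWED_HOSTS = {"updates.example.invalid"}

# Constructed bytes standing in for a downloaded installer.
SAMPLE_PACKAGE = b"MZ\x90\x00 constructed sample installer"
SAMPLE_URL = "https://updates.example.invalid/drivers/sample.exe"


def build_manifest(url, package):
    """Constructed manifest in the article's shape: model info plus a FURL download tag.
    A real client must also verify a vendor signature over the manifest, otherwise an
    attacker who rewrites FURL can rewrite SHA256 with it; that step is out of scope here."""
    digest = hashlib.sha256(package).hexdigest()
    return (f"<SWUpdate><Model>EXAMPLE-MODEL</Model><Driver><Name>Sample Driver</Name>"
            f"<FURL>{url}</FURL><SHA256>{digest}</SHA256></Driver></SWUpdate>")


def parse_manifest(xml_text):
    """Return (name, url, expected_sha256) for every Driver entry in the manifest."""
    root = ET.fromstring(xml_text)
    return [(d.findtext("Name"), d.findtext("FURL"), d.findtext("SHA256"))
            for d in root.iter("Driver")]


def url_is_acceptable(url):
    """Refuse cleartext HTTP (the MiTM vector) and any host outside the allow-list."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and parsed.hostname in ALLOWED_HOSTS


def check_entry(entry, data):
    """Decide whether a downloaded package may be executed; returns 'ok' or a reason."""
    name, url, expected = entry
    if not url_is_acceptable(url):
        return "insecure-url"
    if not expected:
        return "missing-digest"
    actual = hashlib.sha256(data).hexdigest()
    # Constant-time comparison so the check leaks nothing about the expected value.
    return "ok" if hmac.compare_digest(actual, expected.lower()) else "digest-mismatch"


def check_update(xml_text, downloads):
    """Map each driver name to its verdict; `downloads` maps FURL -> bytes fetched."""
    return {name: check_entry((name, url, sha), downloads.get(url, b""))
            for name, url, sha in parse_manifest(xml_text)}
```

Only entries whose verdict is `ok` should ever reach the install step; everything else is logged and discarded.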

Core Security CoreLabs Team researcher Joaquin Rodriguez Varela discovered the vulnerability in January and informed Samsung about it the same month; the vendor released the patch for the tool in early March. However, it appears that some users might not yet be able to connect to the company’s servers, since they are transitioning to the more secure HTTPS protocol.

Samsung informed Core Security that users with older versions of the client-side application that still uses HTTP won’t be able to connect to its servers as they move to HTTPS. However, the company is looking to resolve the issue in the next few months by pushing the updated tool to all users while still keeping HTTP active on its server.

In the meantime, Samsung SW Update Tool users are advised to download the latest version of the application from Samsung’s website to ensure they are protected.

Intel’s Driver Update Utility received an update in January this year to resolve an information disclosure flaw identified by researchers at Core Security. In November, Lenovo released a new version of its System Update software (previously known as ThinkVantage System Update) to address a couple of privilege escalation vulnerabilities discovered by an IOActive researcher.
