Skip to main content
  1. Home
  2. Computing
  3. News

Samsung patches flaw in update tool to foreclose man-in-the-middle attacks

Jonathan Keane
By

samsung patches flaw in sw update galaxy tabpro s 9776
Jeffrey Van Camp/Digital Trends
Samsung has patched a flaw in its drive update tool that would have allowed malicious actors to carry out man-in-the-middle (MITM) attacks.

The Samsung SW Update tool tracks the software on your Samsung laptop or computer and alerts you of updates when they are available. Researchers at Core Security discovered that this tool was sending user data back to a server in clear text and unencrypted, making it a prime target for interception.

A second vulnerability revealed that Samsung’s software did not authenticate updates as they were being downloaded from Samsung’s servers. This could in theory allow an attacker to inject their own malware into your computer.

“These vulnerabilities in Samsung SW Update Tool could allow a malicious user to read and modify the requests made both by the user and by the Samsung servers and potentially allow such user to infect the victim with a malware or a remote access tool and gain control over its machine,” said Core security researcher Joaquín Rodríguez Varela in a statement.

“After our report, Samsung implemented a ciphered communication between the tool and its servers and also a verification mechanism of the downloaded drivers.”

According to the advisory, Core Security first notified Samsung of the vulnerabilities it discovered in late January and Samsung released a fix for the update tool in early March following weeks of correspondence with the security researchers.

This isn’t the first time that Samsung has had security issues with the SW Update tool. A Microsoft employee last year found that the SW Update tool in certain Samsung computers was disabling the automatic updates in Windows 8.1. The file that was responsible wasn’t built in from the start on your computer but rather installed unknowingly when SW carried out one of its own updates. Samsung ultimately patched that flaw too, but had denied it was an issue at first.

Editors' Recommendations

The most common Microsoft Teams problems, and how to fix them

A close-up of someone using Microsoft Teams on a laptop for a videoconference.

Selling something online? Watch out for this clever new scam

An individual holding a phone and card.

WhatsApp adds new privacy features that everyone should start using

The WhatsApp app icon on a phone with other messaging apps.

North Korean hackers are targeting crypto workers

A hand on a laptop in a dark surrounding.

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Elon Musk talks to the press as he arrives to to have a look at the construction site of the new Tesla Gigafactory near Berlin.

The best gaming speakers for 2022: Improve the sound on your PC or game console

A Logitech speaker sitting beside a desktop computer.

The best OLED laptops for 2022

The Dell XPS 13 Plus on a table outside.

Elon Musk’s Starlink satellites hacked by $25 homemade device

A Starlink dish next to an RV.

The best ultrawide monitors for 2022

A LG ultradwide monitor.

Best smartwatch deals for August 2022

Best Samsung Galaxy Watch deals for August 2022

Galaxy Watch 4 Classic (left) and Galaxy Watch 3 (right).

Best Peloton alternatives for August 2022

L Now Indoor Exercise Bike

Best Instant Pot deals for August 2022

instant pot duo crisp duo80 duo60 bestbuy walmart deals 60 7 in 1