Samsung patches flaw in update tool to foreclose man-in-the-middle attacks

Samsung has patched a flaw in its drive update tool that would have allowed malicious actors to carry out man-in-the-middle (MITM) attacks.

The Samsung SW Update tool tracks the software on your Samsung laptop or computer and alerts you to updates when they are available. Researchers at Core Security discovered that this tool was sending user data back to a server in unencrypted clear text, making it a prime target for interception.

A second vulnerability revealed that Samsung’s software did not authenticate updates as they were being downloaded from Samsung’s servers. This could in theory allow an attacker to inject their own malware into your computer.

“These vulnerabilities in Samsung SW Update Tool could allow a malicious user to read and modify the requests made both by the user and by the Samsung servers and potentially allow such user to infect the victim with a malware or a remote access tool and gain control over its machine,” said Core security researcher Joaquín Rodríguez Varela in a statement.

“After our report, Samsung implemented a ciphered communication between the tool and its servers and also a verification mechanism of the downloaded drivers.”

According to the advisory, Core Security first notified Samsung of the vulnerabilities it discovered in late January and Samsung released a fix for the update tool in early March following weeks of correspondence with the security researchers.

This isn’t the first time that Samsung has had security issues with the SW Update tool. Last year, a Microsoft employee found that the SW Update tool on certain Samsung computers was disabling automatic updates in Windows 8.1. The file responsible wasn’t preinstalled on the computer; it was installed without the user’s knowledge when SW Update carried out one of its own updates. Samsung ultimately patched that flaw too, but had at first denied it was an issue.

Jonathan Keane
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…