Samsung patches flaw in update tool to foreclose man-in-the-middle attacks

Samsung has patched a flaw in its drive update tool that would have allowed malicious actors to carry out man-in-the-middle (MITM) attacks.

The Samsung SW Update tool tracks the software on your Samsung laptop or computer and alerts you of updates when they are available. Researchers at Core Security discovered that this tool was sending user data back to a server in clear text and unencrypted, making it a prime target for interception.

A second vulnerability revealed that Samsung’s software did not authenticate updates as they were being downloaded from Samsung’s servers. This could in theory allow an attacker to inject their own malware into your computer.

“These vulnerabilities in Samsung SW Update Tool could allow a malicious user to read and modify the requests made both by the user and by the Samsung servers and potentially allow such user to infect the victim with a malware or a remote access tool and gain control over its machine,” said Core security researcher Joaquín Rodríguez Varela in a statement.

“After our report, Samsung implemented a ciphered communication between the tool and its servers and also a verification mechanism of the downloaded drivers.”

According to the advisory, Core Security first notified Samsung of the vulnerabilities it discovered in late January and Samsung released a fix for the update tool in early March following weeks of correspondence with the security researchers.

This isn’t the first time that Samsung has had security issues with the SW Update tool. A Microsoft employee last year found that the SW Update tool in certain Samsung computers was disabling the automatic updates in Windows 8.1. The file that was responsible wasn’t built in from the start on your computer but rather installed unknowingly when SW carried out one of its own updates. Samsung ultimately patched that flaw too, but had denied it was an issue at first.