Samsung texting app secretly sending users’ photos to random contacts

by Gabriel E. Hall - -

Bug in the Samsung texting app sends Gallery photos to random users

Samsung texting app bug

At the end of June, in various forums like Reddit and Samsung community people started complaining about a bug in their phones. According to their reports, it keeps sending the content of their Gallery to random users vis the app called Default texting. This procedure is mostly implemented without victim's consent who can become aware of the fact that someone received his/her personal photos only if the recipient informs about the content.

Few users got lucky as this happened between them and their partner, but others were not that fortunate. Also, there were a few cases involving the whole Gallery, not just a few photos

The issue might be linked with T-Mobile[1], and the RCS[2] messaging updates as the most of affected phones were the newest Samsung versions like Galaxy S7, S7 Edge, and Galaxy S8, S9. However, T-Mobile was not the only provider involved.

The biggest harm is that after this “leak” of private photos the victim is not notified about the loss. The only way for the victim to know that this happened is if the people who received those photos answer the sender directly. 

Samsung needed to take this seriously, and the issue was taken into consideration. The company is encouraging affected people to call directly via 1-800-SAMSUNG contact. 

We are aware of the reports regarding this matter and our technical teams are looking into it. Concerned customers are encouraged to contact us directly at 1-800-SAMSUNG.

Not the first nor the only security bug dealing with private information

Earlier, in June, Facebook got involved in similar privacy scandal[3] when more than 14 million users' posts were made public. This social media platform already was under the radar because of multiple privacy issues this ear. This bug worked when you posted something on your Facebook. Privacy settings of who can see the post were changed each time you posted anything new.

The same month, another bug dealing with Facebook and Microsoft Edge was discovered. Because of this vulnerability, the potential attacker could read Users' Facebook feed or emails without ay consent. This attack could help the hacker to use a specific site designed to exploit CVE-2018-8235 vulnerability through the chosen browser.

A few months back another social media platform Twitter had a similar attack. The company disclosed that internal system bug was discovered. This bug allowed to store passwords in a text. It was announced that there was no data breach and that Twitter fixed the bug successfully. 

Security bug explained

Security bug is a software defect that can be exploited to get access to a computer system. The bugs commonly happen because of software bugs that introduce security vulnerabilities when compromising with:

  • Confidentiality;
  • The integrity of data;
  • Authorization[4];
  • Authentication[5].

These security and privacy bugs can be avoided. Vulnerabilities can be exposed if secure coding practices are not a priority. Servers should be reviewed for possible local firewall rules or unnecessary running services. Well configured Firewall is needed in general. 

For the companies, it is important to educate the staff about technical issues too. Many issues are not so easily fixable but also common. Educating your workers is a good defense method. Password managing tools, a routine of not storing personal information can be helpful. Organization-wide anti-virus solution provides a base layer of security.

About the author

Gabriel E. Hall
Gabriel E. Hall - Passionate computer expert

Gabriel E. Hall is an expert troubleshooter who has been working in the information technology industry for years.

Contact Gabriel E. Hall
About the company Esolutions

References