Samsung Galaxy S8 plus Android version: 8.0.0 Information Exposure Vulnerability

Summary

Samsung Galaxy S8 plus Android version: 8.0.0 suffers from information exposure vulnerability

 

 

 

 

 

Credit:

The information has been provided by Imtiaz Karim 

The original article can be found at:https://www.openconf.org/acsac2019/modules/request.php?module=oc_program&action=summary.php&id=210

 


Details

Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status.

 

Vulnerable Systems:

Samsung Galaxy S8 plus Android version: 8.0.0

 

CVE Information:

CVE-2019-16401

 

Disclosure Timeline:
Published Date:11/6/2019