VYPR
Unrated severity · NVD Advisory · Published Nov 6, 2024 · Updated Nov 6, 2024

CVE-2024-49406

Description

Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transaction. Root privilege is required for triggering this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A local attacker who already holds root can modify blockchain transactions in Samsung Blockchain Keystore before version 1.3.16, because the keystore improperly validates the integrity check value attached to transaction data.

Vulnerability

Samsung Blockchain Keystore prior to version 1.3.16 does not properly validate the integrity check value attached to transaction data. The public description does not locate the flaw more precisely than that. An integrity check value is what the keystore relies on to detect tampering with a transaction before it processes or signs it, so a weakness in how that value is checked lets altered transaction data pass as genuine. The affected component is the Samsung Blockchain Keystore system application, which manages cryptographic keys and transaction signing on Samsung devices. Versions earlier than 1.3.16 are vulnerable; 1.3.16 is the fixed version.

Exploitation

An attacker must already have root (superuser) privileges on the device to trigger this vulnerability [1]; it is a local issue, not a remote one. With root access, the attacker can alter a legitimate transaction's data, or substitute a crafted transaction, at a point where the keystore should detect the change through the integrity check value but does not. The public description does not give the exact steps; in outline, the attacker, running as root, intercepts or creates the transaction payload that the vulnerable keystore processes, and the improper validation lets the altered content through undetected.
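The Vulnerability and Exploitation sections above describe an integrity check value (ICV) over transaction data that is not validated properly. The Python below is an added illustration of that bug class; it is constructed for this page, is not Samsung's code, and does not describe the actual defect in Blockchain Keystore, which the public description does not detail. It assumes the ICV is an HMAC over a canonical serialization of the transaction, models improper validation as a verifier that treats an absent ICV as "nothing to check" and compares only as many bytes as the attacker supplies, and models the local root attacker as a function that rewrites the sealed envelope before the keystore checks it. The key, field names and attack patterns are all assumptions.

```python
"""Integrity check value (ICV) over a transaction: a flawed verifier beside a
strict one.  Constructed illustration of the bug class behind CVE-2024-49406;
not Samsung's code and not the real Blockchain Keystore design."""
import hashlib
import hmac
import json
from typing import Callable, Optional

# Hypothetical device-bound MAC key.  A real keystore keeps such a key in
# protected storage, not in a Python module.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"
ICV_LEN = hashlib.sha256().digest_size  # 32 bytes


def canonical(tx: dict) -> bytes:
    """Serialize deterministically so the ICV covers every field, in order."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def compute_icv(tx: dict, key: bytes = DEMO_KEY) -> bytes:
    """HMAC-SHA256 over the canonical transaction: the integrity check value."""
    return hmac.new(key, canonical(tx), hashlib.sha256).digest()


def seal(tx: dict) -> dict:
    """What a trusted caller hands to the keystore: transaction plus ICV."""
    return {"tx": dict(tx), "icv": compute_icv(tx).hex()}


def verify_icv_flawed(envelope: dict) -> bool:
    """Improper validation (assumed pattern for illustration): an absent ICV is
    accepted, and a present one is compared only over its own length, so a
    short ICV can be guessed in a handful of tries."""
    tx = envelope.get("tx", {})
    icv = bytes.fromhex(envelope.get("icv") or "")
    if not icv:
        return True
    expected = compute_icv(tx)
    return expected[: len(icv)] == icv


def verify_icv(envelope: dict) -> bool:
    """Strict validation: ICV must be present, well formed, full length, and
    compared in constant time against the value recomputed over the data."""
    tx = envelope.get("tx")
    icv_hex = envelope.get("icv")
    if not isinstance(tx, dict) or not isinstance(icv_hex, str):
        return False
    try:
        icv = bytes.fromhex(icv_hex)
    except ValueError:
        return False
    if len(icv) != ICV_LEN:
        return False
    return hmac.compare_digest(icv, compute_icv(tx))


def tamper(envelope: dict, **changes) -> dict:
    """A local root attacker rewriting transaction fields after sealing."""
    forged = json.loads(json.dumps(envelope))  # deep copy
    forged["tx"].update(changes)
    return forged


def strip_icv_attack(envelope: dict) -> dict:
    """Redirect the payment and remove the ICV entirely."""
    forged = tamper(envelope, to="0xattacker", amount=1000)
    forged["icv"] = ""
    return forged


def short_icv_attack(envelope: dict,
                     verifier: Callable[[dict], bool]) -> Optional[dict]:
    """Redirect the payment and brute-force a one-byte ICV prefix: at most 256
    tries against a prefix-only comparison, hopeless against a full-length one.
    Returns the accepted forgery, or None if the verifier rejects every try."""
    forged = tamper(envelope, to="0xattacker", amount=1000)
    for guess in range(256):
        forged["icv"] = bytes([guess]).hex()
        if verifier(forged):
            return forged
    return None


if __name__ == "__main__":
    sealed = seal({"to": "0xmerchant", "amount": 1, "nonce": 7})  # constructed
    for name, verifier in (("flawed", verify_icv_flawed), ("strict", verify_icv)):
        print(name, "genuine:", verifier(sealed),
              "stripped:", verifier(strip_icv_attack(sealed)),
              "short-guess:", short_icv_attack(sealed, verifier) is not None)
```

The strict verifier fails closed on every malformed input (missing, non-hex, wrong length) and only then compares the full tag with `hmac.compare_digest`; the canonical serialization matters just as much, since a field the ICV does not cover is a field the attacker can change freely.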

Impact

A successful exploit allows the local attacker to modify transactions processed by the Blockchain Keystore without the modification being detected. This could mean unauthorized changes to fields such as the amount or recipient. The impact is on the integrity and authenticity of blockchain operations performed on the device, potentially enabling theft of funds or fraudulent transactions. Since root is a precondition, the damage specific to this flaw is confined to what the keystore's integrity check is meant to protect: the transaction data that the keystore signs.

Mitigation

Samsung released a fix in version 1.3.16 of the Blockchain Keystore [1]. Users should update the Blockchain Keystore application to version 1.3.16 or later via the Galaxy Store or system updates. There is no workaround for unpatched versions, since the fix is in the affected component itself; keeping devices unrooted removes the attacker's precondition but does not fix the flaw. At the time of this synthesis the vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2 listed.

Patches

0 listed. No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1 listed.

News mentions

0 listed. No linked articles in our index yet.