CVE-2018-21080 in Samsung
Summary
by MITRE
An issue was discovered on Samsung mobile devices with N(7.x) software. A physically proximate attacker wielding a magnet can activate NFC to bypass the lockscreen. The Samsung ID is SVE-2017-10897 (March 2018).
Analysis
by VulDB Data Team • 10/07/2020
This vulnerability affects Samsung mobile devices running Android 7.x (N) software, on which NFC functionality can be activated unintentionally by magnetic interference. The flaw widens the device's physical attack surface: a simple magnetic-proximity action is enough to obtain unauthorized access. Samsung tracked the issue internally as SVE-2017-10897 and disclosed it in March 2018, acknowledging its physical-security implications. It illustrates how a hardware component built for legitimate functionality can be abused through an unconventional vector that sidesteps traditional software-based security controls.
Technically, the vulnerability stems from the interaction between the device's NFC hardware and an external magnetic field. A sufficiently strong magnet held near the device can trigger the NFC chip to activate on its own, bypassing the lockscreen authentication mechanisms. The magnetic field interferes with the chip's state-detection circuitry, driving it into an active state in which it responds to NFC commands without any user authentication having taken place. This is especially concerning because the attack operates outside the normal security boundaries of the software stack, exploiting a physical rather than a digital vector. It falls into the category of side-channel attacks, in which physical properties are manipulated to achieve a security bypass.
The operational impact is substantial: a physically proximate attacker can gain unauthorized access to the device without knowing its lockscreen password, PIN, or biometric credentials. This is a serious risk in public spaces and other environments where casual proximity to a device is easy to obtain. The attack requires neither sophisticated equipment nor technical expertise, so virtually anyone with a magnet could carry it out. It undermines the fundamental security model of mobile devices, in which lockscreen protection is the barrier against unauthorized access, and shows how that physical control can be circumvented by electromagnetic interference. The weakness is most problematic in enterprise environments, where devices hold sensitive corporate data, and in personal contexts where device privacy matters.
The vulnerability is mapped to CWE-310, which covers cryptographic weaknesses, here the bypass of authentication mechanisms through physical interference. It also relates to ATT&CK technique T1550.001, covering the use of stolen credentials, since the attack bypasses authentication without requiring legitimate credentials. It represents a failure in the device's physical security design, where electromagnetic interference can manipulate hardware components. Addressing it would have required Samsung to ship firmware updates that properly isolate the NFC chip from magnetic interference or add security checks verifying that NFC activation results only from legitimate user interaction. Organizations should factor this vulnerability into their mobile security posture and ensure devices are kept current with security patches that address physical attack vectors bypassing traditional digital controls. The incident underscores the importance of physical security in mobile device design and the need for comprehensive security testing that includes electromagnetic interference scenarios.