Vulnerability in the update feature solid-state drives from Samsung
There is a vulnerability in the software that Samsung provides with its solid-state drives, which hackers can infiltrate.
It comes to Samsung Magician, which allows users to their solid-state drives can manage, test, and update.
In older versions, the non-encrypted http is used for monitoring and downloading updates, it writes the CERT Coordination Center of Carnegie Mellon University. In version 5.0, there is then switched to the secure https connection, but the ssl certificate was not verified. The connection is gold therefore still as unsafe.
A hacker on the same network it would allows man-in-the-middle attack can perform. In such an attack, a hacker the information that is exchanged between two communicating parties intercepting. Then, the attacker may be able to be a malicious update to offer, because the attacker gets administrative privileges.
Samsung has solved the problem in Magician version 5.1. Because the update feature in older versions is vulnerable, the CERT Coordination Center the advice to update manually downloaded and install. Also, it is not recommended to use public wi-fi networks to use.