Plaintext Storage of WiFi Credentials - Samsung Cloud Sync
I am writing to report a security vulnerability I have discovered in the Samsung Cloud synchronization process for WiFi credentials on Samsung devices. This issue concerns the exposure of sensitive information, which I believe warrants immediate attention.
This is not device specific but it happens because of the application and should therefore happen on all devices
Vulnerability Details:
Summary: Samsung Cloud syncs WiFi passwords in plaintext, which are then stored on the device and can be accessed by any individual or process with root access. Affected Service: Samsung Cloud WiFi Profile Synchronization. Affected Devices: Samsung devices running on Android 13 (further testing on other versions required). Impact: Potential for unauthorized access to WiFi credentials if root access is obtained by a malicious actor.