Hackable Samsung mobile devices
- El>Qufl
- Jul 19, 2022
- 2 min read
Updated: Jul 22, 2022
Mobile security and privacy company Kryptowire this week announced that it identified a serious security flaw in Samsung phones affecting devices running Android 9 through Android 12. Samsung has already been informed of the issue and the problem has since been fixed as part of the regular security updates the company provides, so be sure to check if you’ve still got any system updates pending on your Samsung phone.
The vulnerability allows malicious apps to gain access to protected functionality without users ever granting them any permissions at all, with them only ever having to run the app once. The vulnerability allows hackers to factory reset phones, make phone calls, install and uninstall apps at will, and undermine HTTPS connections to websites, and more. Kryptowire says that those are just some limited examples, so there might be much more.
The security issue in question resides within the pre-installed phone app that all Samsung handsets ship with. The phone app has privileged access to some underlying system features, but due to a flaw, it’s possible for other apps to hijack the phone app’s privileges.
So far, Kryptowire has tested the vulnerability on the Samsung Galaxy S21 Ultra, the S10+, and the A10e, though the company says that the list is not exhaustive and “simply meant to demonstrate that a range of Android versions, models, and builds are verified to be vulnerable.” It wouldn’t be surprising if all recent Samsung phones were affected by the issue. For what it’s worth, it seems like Samsung phones running older Android versions aren't hit. A Samsung Galaxy S8 running Android 8 wasn’t vulnerable to the attack, though the company says that it requires closer examination.
Samsung patched the vulnerability as part of its regular maintenance updates. The issue was resolved with the July 2022 security update, which has arrived on almost all recent Samsung phones already, including the Galaxy S9, which Samsung has just stopped supporting this week. Be sure to head to your phone’s system settings and make sure you’re on the latest system update
Comments