Millions of Samsung Galaxy phone users have been put on high alert after the discovery of a shocking security vulnerability. The flaw, which was found tucked inside the pre-loaded Phone app, could allow hackers to take remote control of a device. According to the team at Kryptowire, the bug gave cyber thieves the option of installing or deleting apps, performing a factory reset and even making calls.
A bad actor was able to take advantage of this vulnerability if a Samsung Galaxy owner downloaded a third-party app that was designed to “mimic the system-level activity and hijack critical protected functionality”.
Kryptowire said the Phone app, which comes pre-installed on all Samsung devices, had an insecure component that effectively gave local apps the ability to exercise system-level privileges without user authorisation.
Researchers were able to demonstrate the exploit on a number of different Samsung phones, including the Galaxy S21 Ultra 5G running Android 12 as well as a Samsung Galaxy S10+ and Samsung A10e.
The extent to which Samsung phones were vulnerable to this flaw is not clear.
Thankfully there is a way Galaxy users can make sure their device is safe today.
Full details of the CVE-2022-22292 vulnerability were revealed to Samsung towards the end of last November, with the February 2022 security patch providing a fix for this flaw.
You’ll want to make sure your Samsung phone is updated to this version. To do so, head to the Settings menu and then go to About Phone > Software Information.
You will find out if your Samsung phone has been upgraded to the February 2022 security patch in the Android security patch level section.
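For anyone checking more than one handset, the same patch-level test can be scripted. The following is an added example, not code from Kryptowire or Samsung: it assumes the February 2022 patch is reported as `2022-02-01` or later, reads the level over `adb` (USB debugging enabled) from the `ro.build.version.security_patch` property when run with `--device`, and otherwise audits a constructed sample inventory with made-up device labels.

```shell
#!/bin/sh
# Added example: compare Android security patch levels with the
# February 2022 patch that the article says fixes CVE-2022-22292.

# Assumption: the February 2022 level is reported as 2022-02-01 or later.
FIX_LEVEL="2022-02-01"

# Read the patch level of the handset attached over adb.
device_patch_level() {
    adb shell getprop ro.build.version.security_patch | tr -d '\r'
}

# classify_level LEVEL -> prints PATCHED, OUTDATED or UNKNOWN.
classify_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "UNKNOWN"; return 0 ;;   # empty or malformed value
    esac
    # YYYY-MM-DD compares correctly as an integer once hyphens are removed.
    have=$(printf '%s' "$1" | tr -d '-')
    need=$(printf '%s' "$FIX_LEVEL" | tr -d '-')
    if [ "$have" -ge "$need" ]; then echo "PATCHED"; else echo "OUTDATED"; fi
}

# Read "label level" lines on stdin and print "label level status".
audit_inventory() {
    while read -r name level; do
        [ -n "$name" ] || continue
        printf '%s %s %s\n' "$name" "${level:-none}" "$(classify_level "$level")"
    done
}

if [ "${1:-}" = "--device" ]; then
    level=$(device_patch_level)
    printf 'attached-device %s %s\n' "${level:-none}" "$(classify_level "$level")"
else
    # Constructed sample inventory (labels and levels are illustrative).
    printf '%s\n' \
        'lab-s21-ultra 2022-02-01' \
        'field-s10plus 2021-11-01' \
        'kiosk-a10e' \
        'legacy-s9 2022-03-01' | audit_inventory
fi
```

A handset reported as `UNKNOWN` returned no usable patch level and should be checked by hand in the Software Information screen.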
The latest security warning underlines the importance of making sure your phone is eligible for the latest security patches.
Earlier this month it emerged that the Samsung Galaxy S9 will no longer receive security updates.
The last patch for the Galaxy S9 and Galaxy S9 Plus was the March 2022 security patch, so thankfully the recently discovered Phone app vulnerability will be closed up on these 2018 flagships.
But the Galaxy S9 line will be at risk from any other future threats addressed in patches further down the line.
If you own a Galaxy S9 or S9 Plus and want to make sure your device is safe from any future security threats you’ll need to upgrade.
The good news is earlier this Samsung revealed its 2021 and 2022 flagships would be eligible for five years’ worth of updates.
This means if you get a Samsung Galaxy S22 phone you’ll receive software and security updates all the way through to 2027.
Published at Tue, 12 Apr 2022 06:01:00 +0000