MILLIONS of Samsung Galaxy smartphone owners are facing a security threat.
Those with Android version 9 to 12 are at risk.
Kryptowire researchers have released a report detailing how they discovered a serious vulnerability in the pre-installed Phone app on several models that might allow a hacker to take control of someone’s phone, Forbes reported.
Control can include factory reset, making calls, and installing and removing apps.
An unauthorized user might gain this type of access if the victim installed a third-party application modified to “mimic system-level activity and hijack critical protected features,” according to the Kryptowire report.
The Phone application is installed on all Samsung smartphones.
It turned out to have an insecure component that let apps without system privileges perform privileged actions anyway, without user intervention.
The full extent of smartphones vulnerable to this attack is unknown, but researchers tested a Samsung Galaxy S10+ and a Samsung A10e in their compromise tests.
A Samsung Galaxy S8 running Android 8 was found not to be vulnerable.
The bad news is that anyone with a Samsung smartphone running Android version 9 and later was likely vulnerable to the attack.
The good news is that a patch has been released as part of the February 2022 security maintenance release schedule, Forbes reported.
As long as the device has been updated to the February security patch level or later, the owner is protected.
Not everyone will have updated, or have been able to update, so it’s important to check if the device needs an update.
This information is available in the phone settings app.
The Sun has contacted Samsung for comment.