Samsung security flaw left phones exposed for years

Mobile security and privacy company Kryptowire has announced that it identified a serious security flaw in Samsung phones affecting devices running Android 9 through Android 12. Samsung has already been informed of the issue and the problem has since been fixed as part of the regular security updates the company provides, so be sure to check if you’ve still got any system updates pending on your Samsung phone.

The security issue in question resides within the pre-installed phone app that all Samsung handsets ship with. The phone app has privileged access to some underlying system features, but due to a flaw, it’s possible for other apps to hijack the phone app’s privileges.

So far, Kryptowire has tested the vulnerability on the Samsung Galaxy S21 Ultra, the S10+, and the A10e, though the company says that the list is not exhaustive and “simply meant to demonstrate that a range of Android versions, models, and builds are verified to be vulnerable.” It wouldn’t be surprising if all recent Samsung phones were affected by the issue. For what it’s worth, it seems like Samsung phones running older Android versions aren’t hit. A Samsung Galaxy S8 running Android 8 wasn’t vulnerable to the attack, though the company says that it requires closer examination.

Samsung patched the vulnerability as part of its regular maintenance updates. The issue was resolved with the February 2022 security update, which has arrived on almost all recent Samsung phones already, including the Galaxy S9, which Samsung has just stopped supporting this week. Be sure to head to your phone’s system settings and make sure you’re on the latest system update.

Mobile phones are becoming an ever more lucrative attack target for hackers, and it’s unclear how many more issues there are out in the open, with the critical Dirty Pipe vulnerability still pending a fix on some handsets. Always verify you’re up to date with security patches to be protected from the latest disclosed attacks.

We’ve reached out to Samsung for comment.
