The Indian government has issued a high-risk warning to Samsung mobile phone users concerning multiple vulnerabilities. These vulnerabilities pose significant threats, and users are strongly advised to take protective measures.
The Indian government, via the Computer Emergency Response Team of India (CERT-In), has issued a high-risk warning for Samsung mobile phone users regarding multiple vulnerabilities. The warning, labelled CERT-In Vulnerability Note CIVN-2023-0360, highlights critical security issues affecting Samsung Mobile Android versions 11, 12, 13, and 14. These vulnerabilities are rated HIGH due to their potential impact and ease of exploitation.
CERT-In researchers have identified multiple vulnerabilities in Samsung products that pose significant threats, potentially allowing attackers to bypass security restrictions, access sensitive information, and execute arbitrary code on targeted systems. These vulnerabilities are diverse and impact various components of the Samsung ecosystem, as detailed in the CERT-In advisory.
According to CERT-In, the identified vulnerabilities in Samsung products stem from issues such as:
- Improper access control in Knox features.
- Integer overflow flaw in facial recognition software.
- Authorisation issues with the AR Emoji app.
- Incorrect handling of errors in Knox security software.
- Multiple memory corruption vulnerabilities in various system components.
- Incorrect data size verification in the softsimd library.
- Unvalidated user input in the Smart Clip app.
- Hijacking of certain app interactions in contacts.
What are the risks
Successful exploitation of the vulnerabilities could lead to severe consequences. The flaws "may allow an attacker to trigger heap overflow and stack-based buffer overflow, access device SIM PIN, send broadcast with elevated privilege, read sandbox data of AR Emoji, bypass Knox Guard lock via changing system time, access arbitrary files, gain access to sensitive information, execute arbitrary code and compromise the targeted system," reads the security note.
Vulnerable devices
The newly found vulnerabilities affect Samsung Mobile Android versions 11, 12, 13, and 14, putting a wide range of Samsung devices at risk, including the Galaxy S23 series, Galaxy Flip 5, Galaxy Fold 5 and other Samsung devices.
How to protect your phone
To mitigate the risks associated with these vulnerabilities, users are strongly advised to take the following actions:
- Apply Security Updates: Users should promptly apply the security updates provided by Samsung in their official security advisory. You can check for updates on your device by going to Settings > Software update > Download and install. Check for updates regularly and install them to ensure the latest security patches are applied.
- Exercise Caution: Until the update is applied, users are also advised to exercise caution while using the affected devices, especially when interacting with untrusted sources or unknown applications.
- Keep your apps up to date: Outdated apps can also contain vulnerabilities that attackers can exploit. Make sure to keep all of your apps up to date by going to the Google Play Store and checking for updates.
- Be careful what apps you install: Users are also advised to only install apps from trusted sources, such as the Google Play Store. Avoid downloading apps from third-party websites, as these may be malicious.
- Be cautious when clicking on links: Do not click on links in emails or messages from unknown senders. These links could take you to phishing websites that are designed to steal your personal information.
Published By: Divya Bhati
Published On: Dec 14, 2023