Security firm Kryptowire warns that a wide range of Samsung devices is at risk from a major security flaw that could allow hackers to take over a device.
Kryptowire makes Mobile Application Security Testing (MAST), a tool that scans for vulnerabilities as well as security and privacy issues. It discovered a weakness () which can allow a hacker to perform a variety of actions, including making phone calls, installing or uninstalling apps, installing unverified certificates, undermining HTTPS security, running apps in the background, and even factory resetting a device.
The vulnerability seems to affect virtually all Samsung smartphones running Android 9 to 12, because of a pre-installed Phone app that has “insecure content”. Since the Phone app runs with system privileges, it opens up an attack vector for bad actors. Malicious apps can exploit the Phone app's vulnerability to “duplicate system-level activity” and access functionality that would otherwise be protected.
Alex Leslie, CTO of Kryptowire, describes the effects of the vulnerability:
“Ever wondered if someone else could access your phone? Unfortunately, you could be right. Mobile apps are becoming the starting point for personal and professional activity, which represents an increasingly lucrative goal for bad actors.”
Kryptowire first discovered the vulnerability in November 2021 and reported it to Samsung. The company released a fix in February 2022. All Samsung users are encouraged to update immediately to make sure their phones are safe.