Samsung mobile users in India have received a serious security alert from the Indian government, urging them to take precautions.
This week, the Indian Computer Emergency Response Team (CERT-In) issued a warning specifically for users of Samsung Galaxy phones. The alert highlights multiple vulnerabilities affecting both old and new models of Samsung phones, posing a high-security risk. Issued on December 13, this warning emphasizes the critical need for existing Samsung users to immediately update their phone’s operating system or firmware.
These vulnerabilities stem from various issues such as improper access control in Knox features, flaws in facial recognition software, authorization problems with the AR Emoji app, errors in Knox security software handling, multiple memory corruption vulnerabilities in system components, and incorrect data size verification in the softsimd library.
The affected software versions range from Android 11 to 14, encompassing numerous Samsung Galaxy phone models in the market. Given the widespread usage of these Android versions, this poses a substantial concern on a large scale.
If exploited, these vulnerabilities could lead to severe consequences. Potential risks include triggering heap overflow and stack-based buffer overflow, accessing the device SIM PIN, broadcasting with elevated privilege, reading sandbox data of AR Emoji, bypassing Knox Guard lock through system time manipulation, accessing arbitrary files, gaining sensitive information, executing arbitrary code, and compromising the targeted system.
Samsung has responded by releasing a software patch to address these issues. Users with Samsung phones operating on Android 11 or higher versions are strongly advised to:
1. Access ‘Settings’ on their Samsung Galaxy phone.
2. Scroll down to ‘Software Update’.
3. Tap ‘Update’ to check for a new version.
4. Install the new update and restart the phone.
If an update is not available, extra caution is recommended when opening links or files from unknown sources. Additionally, refrain from downloading apps from unreliable sources or sideloading apps until the security issue on the device is resolved.
