Samsung phones with software dating back to Android 9 are vulnerable to a newly discovered security flaw that could allow hackers to reset phones, make phone calls, install apps, and more.
Mobile security and privacy company Kryptowire uncovered the flaw and reported it to Samsung earlier this year.
Android Police notes that Samsung delivered a patch for the flaw with the February 2022 security update. The update has already arrived on almost all recent Samsung phones, including models as old as the Galaxy S9. In other words, make sure your Samsung phone is fully updated to protect yourself from the security flaw.
According to details from Kryptowire, the security vulnerability exists within Samsung’s pre-installed phone app. The app ships on all Samsung handsets, although apparently a Galaxy S8 running Android 8 wasn’t vulnerable to the attack. Kryptowire says that this requires more investigation, however.
Moreover, Kryptowire was able to confirm that the Galaxy S21 Ultra, Galaxy S10+, and Galaxy A10e were impacted, but specified that the list wasn’t exhaustive. Instead, it’s intended to show that “a range of Android versions, models, and builds are verified to be vulnerable.”
Samsung’s phone app has privileged access to some underlying system features. Due to the flaw, it’s possible for other apps to hijack those privileges. Kryptowire says that apps that do so can factory reset your phone, make phone calls, install and uninstall apps, undermine HTTPS connections to websites, and more. Kryptowire says those are just limited examples of the potential.
Once again, the best thing Samsung phone owners can do is make sure they’re updated to the most recent software. The February 2022 security patch includes a fix for this flaw.