The Indian government has issued a high-risk warning for Samsung mobile phone users due to several vulnerabilities via the Computer Emergency Response Team of India (CERT-In). The CERT-In Vulnerability Note CIVN-2023-0360 alert reveals major security flaws in Samsung Mobile Android versions 11, 12, 13, and 14. Because of their potential impact and ease of exploitation, these vulnerabilities are graded HIGH.
CERT-In researchers discovered many vulnerabilities in Samsung devices that might allow attackers to circumvent security constraints, access sensitive information, and execute arbitrary code on targeted computers. As outlined in the CERT-In alert, these vulnerabilities are broad and affect numerous components of the Samsung ecosystem.
The detected vulnerabilities in Samsung devices, according to CERT-In, originate from concerns such as:
In Knox features, there is insufficient access control.
Facial recognition software has an integer overflow problem.
The AR Emoji app has authorization difficulties.
Incorrect error handling in Knox security software.
Multiple memory corruption flaws have been discovered in various system components.
The softsimd library’s data size verification is incorrect.
In the Smart Clip app, there was unvalidated user input.
In contacts, certain app interactions are hijacked.
What are the dangers?
The successful exploitation of the vulnerabilities “may allow an attacker to trigger heap fill up and stack-based buffer overflow, access device SIM PIN, send broadcast with raised privilege, read sandbox data of AR Emoji, bypass Knox Guard lock via changing system time, access random files, gain sensitive information, execute arbitrary code, and compromise the targeted system,” according to the security note.
The most recent discovered vulnerabilities impact Samsung Mobile Android versions 11, 12, 13, and 14, putting a wide variety of Samsung devices, including the Galaxy S23 series, Galaxy Flip 5, and Galaxy Fold 5, at risk.
How to Safeguard Your Phone
Users are strongly encouraged to take the following steps to reduce the risks associated with these vulnerabilities:
Install Security upgrades: Users should install the security upgrades recommended by Samsung in their official security alert as soon as possible. Go to Settings > Software update > Download and install to check for updates on your device. Meanwhile, check for and install updates on a regular basis to ensure that the most recent security fixes are deployed.
Exercise Caution:Â
Users are also encouraged to exercise caution while using the vulnerable devices until the update is deployed, particularly when engaging with untrusted sources or unfamiliar applications.
Keep your apps up to date:Â
Maintain app updates: Outdated applications may include vulnerabilities that attackers might exploit. Keep all of your apps up to date by visiting the Google Play Store and searching for updates.
Be careful what apps you install:Â
Install programs with caution: Users are also recommended to only install software from reputable sources, such as the Google Play Store. Avoid downloading programs from third-party websites, which may include harmful code.
Be cautious when clicking on links:Â
Clicking on links in emails or texts from unknown senders is not recommended. These hyperlinks may direct you to phishing websites aimed to steal your personal information.
