Unpatched vulnerabilities could give hackers a significant amount of control over Samsung devices, including reading messages.
Discovered by Sergey Toshin, founder of security company Oversecure, one of these unresolved security flaws could help attackers trick you into granting access to your SMS messages.
Not stopping there, things are even more dangerous when two other vulnerabilities can be exploited by hackers to manipulate arbitrary files with higher permissions. What makes these even scarier is that they can be exploited without any user interaction. Samsung is aware of these security flaws and it may take the company about 2 months to fix. For now, the best defense is to make sure your Samsung phone is up to date with the latest firmware. Toshin said he has found more than a dozen vulnerabilities in Samsung devices since the start of the year, with many of these vulnerabilities already fixed. One of the bugs lies in apps and components like the Secure Folder app and the Knox security software that come pre-installed on Samsung devices. Tohsin told TechCrunch that these may have given attackers access to sensitive user data. Among +Samsung devices, the Galaxy S10+ is verified as affected. Another vulnerability resulted in the deletion of all previously downloaded apps once device admin rights were granted to a newly installed app. Additionally, a vulnerability in the Settings app could grant read/write access to files with system user-level privileges. A security flaw that was resolved in February could have given hackers access to users’ SMS/MMS messages and call details. Toshin also warned Samsung about issues that may have helped bad guys get the SD card content. While Samsung says the vulnerability affects “certain” Galaxy devices, the company appears to be downplaying the scope of the incident. “No issues have been reported globally and users should rest assured that their sensitive information is not at risk. We have addressed the potential vulnerability by developing and releasing security patches through a software update in April and May 2021 as soon as we identify the issue.” Korean company stated. (According to VOV, PhoneArena)