The Government of India has issued a security warning for Samsung devices through the Indian Computer Emergency Response Team (CERT-In). A notice was issued on December 13 highlighting the security flaws in Samsung Galaxy devices running on specific Android versions.
These vulnerabilities leave the device exposed to hackers, who can exploit these flaws to gain unauthorized access to one’s phone. CERT-In has also suggested measures to protect your phone from these security threats. Let’s have a look.
Security Flaws Detected in Samsung Smartphones
CERT-In’s report mentions that Samsung smartphones running on Android versions 11, 12, 13, and 14 are vulnerable to multiple security flaws. These issues are present due to an access control flaw in KnoxCustomManagerService, which serves as a security layer in Samsung phones.
Hackers can exploit these flaws to access the PIN of your phone. They can also send broadcast messages through your device by gaining control over the messaging commands of the software.
Arbitrary codes can also be executed remotely giving complete control of your device to some other party.
Another flaw in the system leaves the bootloader of the phone vulnerable to remote code execution, which can be used by hackers to deploy any code in the system software.
The report further mentions that these vulnerabilities can leave personal files stored on your phone exposed to hackers. This includes media, stored contacts documents, and even private AR Emoji files. In short, your phone can get completely hijacked by hackers.
Samsung Has Started Patching These Flaws
Samsung has acknowledged the security vulnerabilities in its software and has started releasing patch updates for its phone. The company has worked with Google to fix over 16 known flaws in its system.
Samsung says that users should update their device to the latest software version, and specially install updates released in December 2023. However, the company has not released a list of devices updated with this new patch.
In case you have an old Samsung device whose updates have been discontinued by the company, you can take certain preventive measures to protect your device from these flaws.
Such users should avoid clicking on malicious and unknown links, and stay away from installing third-party apps outside of the Google Play Store. While these measures are not a proper solution to these security flaws, they can surely save your device from being a target practice for hackers.
