Samsung phones with software dating back to Android 9 are vulnerable to a recently discovered security flaw that could allow hackers to reset phones, make phone calls, install apps, and more.
Mobile security and privacy company Kryptowire discovered the flaw and reported it to Samsung earlier this year.
Android Police notes that Samsung provided a fix for the flaw with the February 2022 security update. The update has already arrived on almost all recent Samsung phones, going as far back as the Galaxy S9. In other words, make sure your Samsung phone is fully updated to protect yourself from this flaw.
According to details from Kryptowire, the security flaw exists in Samsung’s pre-installed phone app. The app ships on all Samsung handsets, although a Galaxy S8 running Android 8 apparently wasn’t vulnerable to the attack; Kryptowire says this needs further investigation.
In addition, Kryptowire was able to confirm that the Galaxy S21 Ultra, Galaxy S10+ and Galaxy A10e were impacted but clarified that the list was not exhaustive. Instead, it’s meant to show that “a range of Android builds, models, and versions are verified to be vulnerable.”
Samsung’s phone app has privileged access to some underlying functionality of the system. Due to the flaw, it is possible for other applications to hijack these privileges. Kryptowire says apps that manage to hijack those privileges and take advantage of the flaw can factory reset your phone, make phone calls, install and uninstall apps, undermine HTTPS connections to websites, and more.
Again, the best thing Samsung phone owners can do is make sure they’re updated with the latest software. The February 2022 security patch includes a fix for this flaw.