If your Samsung phone is running Android 9-12, it might have been hijacked
Mobile security and privacy solutions provider Kryptowire has revealed that some Samsung phones were found to be vulnerable to a flaw (CVE-2022-22292) that was capable of granting malicious third-party apps a frightening level of control.
The vulnerability was found in phones running Android 9, 10, 11, and 12, including some of Samsung's best phones like the flagship Samsung S21 Ultra 5G and S10 Plus, as well as the mid-range A10e.
The vulnerability was in the pre-installed Phone app and could have granted the permissions, privileges, and capabilities of a system user to a third-party app without any user involvement. The main cause was incorrect access control exhibited by the Phone app and the problem was specific to Samsung devices.
“Ever think someone else has access to your phone? Unfortunately, you may be right. Mobile applications are becoming the primary point of personal and professional activity, representing an increasingly attractive target for bad actors,” said Alex Lisle, CTO of Kryptowire.
The vulnerability could have allowed an app with no permissions to execute actions such as installing or uninstalling arbitrary apps, doing a factory reset, calling a phone number including privileged numbers like 911, and weakening HTTPS security by installing a custom root certificate. Normally, installed apps are dependent on the permissions that a user grants, but in this case, that wasn't required.
Samsung was informed about this on November 27, 2021, and the vulnerability was given a “High” severity rating by the South Korean giant. The February 2022 update comes with a fix for this, so be sure to install it.
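A quick way to check whether a device is still exposed is to compare what it reports about itself against the details above (affected Android releases 9 to 12, fix shipped in the February 2022 update). The script below is an added example, not code from the article or from Kryptowire. It assumes the device's patch level is read from the standard Android properties `ro.build.version.security_patch` (format `YYYY-MM-DD`) and `ro.build.version.release`, for instance from the output of `adb shell getprop`, and it assumes that Samsung's February 2022 update corresponds to a security patch level of 2022-02-01 or later; the sample `getprop` output is constructed for illustration.

```python
"""Assess whether a Samsung device's reported patch level covers the fix
for the Phone-app access-control flaw described above.

Added example, not from the article or Kryptowire. Assumptions:
  - patch level comes from ro.build.version.security_patch (YYYY-MM-DD)
    and the release from ro.build.version.release, e.g. `adb shell getprop`;
  - Samsung's February 2022 update maps to a patch level >= 2022-02-01.
"""
from datetime import date
import re

FIX_PATCH_LEVEL = date(2022, 2, 1)   # assumption: February 2022 update
AFFECTED_RELEASES = range(9, 13)     # Android 9, 10, 11, 12 per the article

# Constructed sample of `adb shell getprop` output (not from a real device).
SAMPLE_GETPROP = """\
[ro.build.version.release]: [11]
[ro.build.version.security_patch]: [2021-12-01]
[ro.product.manufacturer]: [samsung]
"""


def parse_getprop(text):
    """Parse `getprop` lines of the form `[name]: [value]` into a dict."""
    props = {}
    for m in re.finditer(r"^\[([^\]]+)\]: \[([^\]]*)\]$", text, re.M):
        props[m.group(1)] = m.group(2)
    return props


def major_release(release):
    """Return the leading integer of a release string ('12' -> 12), or None."""
    m = re.match(r"(\d+)", release or "")
    return int(m.group(1)) if m else None


def assess(props):
    """Return 'not_samsung', 'not_affected_release', 'patched',
    'unpatched' or 'unknown' for a dict of build properties."""
    if props.get("ro.product.manufacturer", "").lower() != "samsung":
        return "not_samsung"
    rel = major_release(props.get("ro.build.version.release"))
    if rel is None:
        return "unknown"
    if rel not in AFFECTED_RELEASES:
        return "not_affected_release"
    try:
        patch = date.fromisoformat(props.get("ro.build.version.security_patch", ""))
    except ValueError:
        # Missing or malformed patch level: do not guess, report unknown.
        return "unknown"
    return "patched" if patch >= FIX_PATCH_LEVEL else "unpatched"


if __name__ == "__main__":
    # The constructed sample is a Samsung device on Android 11 with a
    # December 2021 patch level, so it is reported as unpatched.
    print(assess(parse_getprop(SAMPLE_GETPROP)))
```

On a real device, pipe `adb shell getprop` into `parse_getprop` instead of the constructed sample; a result of `unpatched` means the February 2022 update (or a later one) has not been installed yet.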
Earlier this month, it was reported that some phones that launched with Android 12 installed, such as the Galaxy S22 series, were affected by a security vulnerability called Dirty Pipe. It's not clear yet if the April 2022 update has taken care of this issue.