Unpatched vulnerability in Samsung phones could let hackers read your messages
Unpatched vulnerabilities could give hackers a substantial amount of control over your Samsung devices. Discovered by security company Oversecured's founder Sergey Toshin, they were first reported on by BleepingComputer.
One of these as-of-yet unfixed security flaws could help attackers trick you into giving access to your SMS messages.
If that sounds alarming, it gets worse: the two other vulnerabilities could be exploited by hackers to manipulate arbitrary files with elevated permissions. What makes these scarier is they can be exploited without any user interaction.
Samsung is aware of these security flaws and it may take about two months for a fix to arrive. For now, your best defense is to make sure your Samsung phone is on the latest firmware update.
Toshin has found more than a dozen vulnerabilities in Samsung devices since the beginning of the year. Many have already been taken care of.
There was also a flaw in the Settings app that could have given read/write access to files with system user-level privileges. A vulnerability that was addressed in February could have given hackers access to your SMS/MMS messages and call details.
Toshin also alerted Samsung to issues that may have helped bad actors retrieve SD card contents.
14 out of 17 vulnerabilities found by Toshin have been fixed by Samsung
One of the bugs was in apps and components like Samsung’s Secure Folder app and the company's Knox security software that come pre-installed on its devices. Toshin told TechCrunch that these could have given attackers access to sensitive user data.
The Samsung Galaxy S10+ is verified to have been affected. Although Samsung says that the flaw affected "selected" Galaxy devices, it appears to be downplaying the breadth of the incident.
There have been no known reported issues globally and users should be assured that their sensitive information was not at risk. We addressed the potential vulnerability by developing and issuing security patches via software update in April and May, 2021 as soon as we identified this issue.
Another flaw led to the deletion of all previously downloaded apps after device admin rights were granted to a newly installed app.