HIGHLIGHTS
- Samsung cellphones that have not been updated are exposed to a severe vulnerability.
- Hackers may make phone calls and even perform factory resets.
- Users should upgrade promptly to ensure their safety.
Kryptowire, a security firm, is warning that a wide variety of Samsung devices are vulnerable to a severe security hole that allows hackers to take control of a device.
Kryptowire develops Mobile Application Security Testing (MAST), a technology that searches for vulnerabilities as well as security and privacy concerns. The company discovered a vulnerability (CVE-2022-22292) that could allow a hacker to perform a variety of actions such as making phone calls, installing/uninstalling apps, weakening HTTPS security by installing unverified certificates, running apps in the background, and even factory resetting a device.
Because of an "insecure component" in the pre-installed Phone app, the vulnerability appears to affect practically all Samsung cellphones running Android 9 through 12. Because the Phone app operates with system access, it gives bad actors a new attack vector: malicious apps can use the Phone vulnerability to "imitate system-level activities" and gain access to otherwise protected functionality.
Kryptowire identified the vulnerability and alerted Samsung in November 2021, and Samsung issued a patch in February 2022. All Samsung customers are advised to update promptly to keep their devices safe.