Date: 2023-12-15

The Indian government has issued security warnings aimed specifically at users of Samsung Galaxy phones.



The Indian Computer Emergency Response Team (CERT-In) released a security advisory highlighting multiple vulnerabilities that affect millions of Samsung Galaxy mobile phones, including both older and newer models.



The security alert, issued on December 13, categorised the concern as high-risk and emphasised the urgency of updating the operating system or firmware on existing Samsung mobile phones.



"Multiple vulnerabilities have been reported in Samsung products that could allow an attacker to bypass implemented security restrictions, access sensitive information, and execute arbitrary code on the targeted system," said CERT, in its vulnerability note.



The vulnerability note said the issues might affect Samsung mobile phones running Android versions 11 and above.

“These vulnerabilities exist due to improper access control flaw in Knox Custom Manager Service and Smart Manager CN component, integer overflow vulnerability in face preprocessing library; improper authorisation verification vulnerability in AR emoji, improper exception management vulnerability in Knox Guard, various out of bounds write vulnerabilities in bootloader, HDCP in HAL, libIfaaCa and libsavsac.so components, improper size check vulnerability in softsimd, improper input validation vulnerability in Smart-Clip and implicit intent hijacking vulnerability in contacts,” read the statement.

How are these vulnerabilities affecting Samsung mobiles?

These vulnerabilities are weak spots in the device's security walls. If a cyber attacker finds these openings, they can steal the phone's secret code (SIM PIN), peek into private AR Emoji files, change the clock on the castle gate (Knox Guard lock), control the phone like a puppet (execute arbitrary code), steal important information (sensitive information), shout loud commands to the phone (broadcast with elevated privilege), snoop around the phone's files (access arbitrary files) and take over the whole phone (compromise the targeted system).

Samsung Mobile, meanwhile, announced that it is rolling out a maintenance release under its December 2023 security update.



“Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung,” the smartphone company said on its website.



Meanwhile, Samsung Galaxy phone users have been asked to promptly update the operating system (OS) and firmware of their devices. If they fail to do so, their mobile phones can be vulnerable to potential threats from hackers.