Samsung is currently working on a fix for a couple of bugs affecting its mobile devices, which could allow hackers to spy on users and in some cases even take over the entire system.
The flaws were disclosed by bounty hunter and cybersecurity firm Oversecured founder, Sergey Toshin, who claims there are “more than a dozen” of these vulnerabilities, all with differing levels of severity.
While some issues are less dangerous, allowing attackers to steal SMS messages from the target device (only by tricking the victim, it was added), others are stealthier and more dangerous. These often require no action from the victim, and could enable the attacker to read/write arbitrary files with heightened permissions.
Due to the severity of the issues, and the fact that it could take Samsung up to two months to release a patch, both parties have been tight-lipped about revealing more detail on these vulnerabilities – so it isn’t known which devices or versions of the Android operating system are affected.
Samsung mobile flaws
Toshin has already found more than a dozen vulnerabilities in Samsung’s mobile devices, several of which originated through bloatware (applications that come pre-installed with the device but aren’t required for Android to run).
In other instances, he found that third-party apps could obtain device admin rights, but at the expense of deleting all other apps from the device. This particular bug, which was patched in April this year, impacted the Managed Provisioning app, and has gotten the CVE-2021-25356 tracking number.
Users are advised to update their devices’ firmware regularly. They can do so by navigating to Settings > Software Update, and pressing Check for updates. If there are any updates available, they’ll show on that screen.
The trouble with Android is that, unlike Apple, it’s an open-source operating system, with different manufacturers approaching the updating process differently. The speed at which patches are released depends on the manufacturer (in this case, Samsung), and its support policy, and that can vary from manufacturer to manufacturer.
As of 2019, all Samsung Galaxy devices (its flagship models) are supported with security updates for four years.