Samsung devices running Android 9 to 12 that haven’t been updated to the company’s February 2022 patch are under a major cyber threat, according to a report by mobile security and privacy solutions company Kryptowire. The firm has warned that, owing to a major security flaw in a wide range of Samsung devices, they might be taken over by hackers.
The cybersecurity firm, in a report, said that it discovered a vulnerability (CVE-2022-22292) in Samsung devices running Android versions 9 through 12 that could allow a hacker to infiltrate any device that’s not been updated and perform a range of dangerous actions. After taking over the Samsung device, hackers can make phone calls, install or uninstall apps, and install unverifiable certificates to weaken HTTPS security. They can make apps run in the background and even factory reset the device if they want to, said the report.
According to the report, the vulnerability lies in the Phone app, which comes pre-installed on the devices. The app has an “insecure component” which could be exploited by hackers to make local apps “perform privileged operations without user authorization.” Since the Phone app has all the system permissions, it becomes easy for hackers to open up an attack vector.
“The CVE-2022-22292 vulnerability was disclosed to Samsung on November 27, 2021 and given a ‘High’ severity rating by Samsung. Samsung patched the vulnerability in February 2022 as part of its ongoing Security Maintenance Release (SMR) process,” added the report.
Since the patch was released in February 2022, Samsung users should update their devices to the latest version as soon as they can.
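For anyone checking more than one handset, the update advice above can be turned into an audit. The following is an added example, not code from Kryptowire or Samsung: it reads the text output of `adb shell getprop` and classifies a device using the article's criteria (Samsung, Android 9 through 12, February 2022 patch). It assumes the February 2022 release is reported as security patch level `2022-02-01` and uses that level as a proxy for the fix; the sample dumps are constructed.

```python
import re
from datetime import date

FIX_LEVEL = date(2022, 2, 1)       # assumed patch-level string for the February 2022 SMR
AFFECTED_ANDROID = range(9, 13)    # Android 9 through 12, per the article

# getprop prints one "[key]: [value]" pair per line
PROP_RE = re.compile(r"^\[([^\]]+)\]: \[([^\]]*)\]$")

def parse_getprop(text):
    """Turn `adb shell getprop` output into a dict, skipping malformed lines."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def assess(text):
    """Return 'needs-update', 'patched', 'not-applicable' or 'unknown'."""
    p = parse_getprop(text)
    if p.get("ro.product.manufacturer", "").lower() != "samsung":
        return "not-applicable"
    try:
        major = int(p["ro.build.version.release"].split(".")[0])
        patch = date.fromisoformat(p["ro.build.version.security_patch"])
    except (KeyError, ValueError):
        return "unknown"           # property missing or unparsable: check by hand
    if major not in AFFECTED_ANDROID:
        return "not-applicable"
    return "patched" if patch >= FIX_LEVEL else "needs-update"

# Constructed sample dumps (not taken from real devices)
SAMPLE_OLD = """[ro.product.manufacturer]: [samsung]
[ro.build.version.release]: [11]
[ro.build.version.security_patch]: [2021-12-01]"""
SAMPLE_NEW = SAMPLE_OLD.replace("2021-12-01", "2022-03-01")
SAMPLE_NO_PATCH = """[ro.product.manufacturer]: [samsung]
[ro.build.version.release]: [10]"""

if __name__ == "__main__":
    for name, dump in [("old", SAMPLE_OLD), ("new", SAMPLE_NEW),
                       ("no-patch-prop", SAMPLE_NO_PATCH)]:
        print(name, assess(dump))
```

A result of `unknown` means the patch level could not be read and the device should be checked manually under Settings.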