Published on October 11th, 2019

21 critical vulnerabilities affect millions of Samsung smartphones



Another day and another security issue affecting mobile devices. Information security experts from tech company Samsung have confirmed the presence of security vulnerabilities affecting users of multiple smartphones, including the following models:

  • Galaxy S8, S9, S10, S10e, S10 Plus, S10 5G, Note 10 and Note 10 Plus

In total, 21 flaws were discovered, one of
which is considered critical; 3 are of high severity, while the rest are
considered moderate severity. Of the 21 vulnerabilities, 17 are related to
the Samsung One UI user interface, while the remaining four reside in the Android
operating system.

According to information security specialists,
the critical vulnerability, tracked as CVE-2019-2215, resides in the Android
operating system and, if exploited, would allow a threat actor to gain control
of the compromised device through a malicious app or through physical access to
the smartphone. Patches to fix this flaw, and all other vulnerabilities in
Android, began rolling out a couple of days ago. The company and experts
recommend that users update as soon as possible.

Among the Samsung-specific vulnerabilities is
SVE-2019-15435, which affects Galaxy S9 and Note 9 devices. For now, no major
details are known about these flaws, as they were reported to the company
confidentially, to mitigate the risk of exploitation until the patches were
ready.





Company figures indicate that there are about
30 million users of Samsung Galaxy S9 devices and another 10 million users of
the Note 9, so the vulnerability could affect up to 40 million users,
information security specialists noted.

Because no technical details have been released
about these vulnerabilities, it is difficult to describe a potential attack
scenario. All Samsung has revealed is that IMEI security mechanisms
need to be improved to prevent the exploitation of this flaw. This
information suggests that the vulnerability could be related to a way to evade
IMEI blacklisting, which prevents stolen equipment from being illegally reactivated
and sold again.

Although installing this set of updates might
cause some performance issues on your device (something similar to each new
Microsoft update), the International Institute of Cyber Security (IICS)
information security specialists recommend updating as soon as possible,
otherwise the device remains exposed to multiple security risks: “When
vulnerabilities are revealed, a race against time begins for hackers, who
will try to develop an exploit as soon as possible to engage unsuspecting
users,” the specialists say.


