Samsung Galaxy device owners beware! New flaw can delete all data, make random phone calls

A new vulnerability in the Samsung Galaxy Android OS could pose a security risk to devices. Kryptowire discovered the new vulnerability in Samsung Galaxy Android phones running Android 9.0, Android 10.1, Android 11.1, or Android 12. This vulnerability was discovered in native

Security firm CISO found a new vulnerability in Samsung Galaxy phones that could allow any app on the device (including those with zero permissions) to give random instructions. The vulnerability is in the pre-installed phone app. The malicious actor can execute these instructions as the system user. This vulnerability affects Android versions 10, 11 and 12.

Android 9 has the same vulnerability, but there it permits zero-permission apps to create arbitrary intent objects. The vulnerable app also sends these instructions to apps' broadcast receiver components.
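As an added example (not from the article or from the researchers), here is a first-pass defensive manifest audit for the class of flaw described above, where a pre-installed app running as the system user can be reached by apps that hold no permissions. The package, component names and manifest are constructed, and treating "privileged shared UID plus exported component without a permission" as the signal is an assumption, since the article does not show how the vulnerable component is declared.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
PRIVILEGED_UIDS = {"android.uid.system", "android.uid.phone"}
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed manifest for a hypothetical pre-installed app (not a real package).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.preloaded.phone"
    android:sharedUserId="android.uid.system">
  <application>
    <receiver android:name=".CommandReceiver">
      <intent-filter><action android:name="com.example.preloaded.ACTION_RUN"/></intent-filter>
    </receiver>
    <receiver android:name=".GuardedReceiver" android:exported="true"
        android:permission="com.example.preloaded.permission.INTERNAL"/>
    <service android:name=".InternalService" android:exported="false"/>
    <activity android:name=".DialActivity" android:exported="true"/>
  </application>
</manifest>"""


def is_exported(component):
    """An explicit android:exported wins; otherwise (the pre-Android 12
    default) declaring an intent-filter makes the component exported."""
    flag = component.get(ANDROID + "exported")
    if flag is not None:
        return flag.lower() == "true"
    return component.find("intent-filter") is not None


def audit_manifest(xml_text):
    """Return (tag, name) for each component that any app can reach without
    holding a permission, when the package runs under a privileged shared UID."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    if root.get(ANDROID + "sharedUserId") not in PRIVILEGED_UIDS or app is None:
        return []
    app_perm = app.get(ANDROID + "permission")  # default guard for all components
    findings = []
    for comp in app:
        guarded = comp.get(ANDROID + "permission") or app_perm
        if comp.tag in COMPONENT_TAGS and is_exported(comp) and not guarded:
            findings.append((comp.tag, comp.get(ANDROID + "name")))
    return findings


if __name__ == "__main__":
    for tag, name in audit_manifest(SAMPLE_MANIFEST):
        print(f"unguarded exported {tag}: {name}")
```

A flagged component is only a candidate for review: the check does not look at the protection level of a declared permission or at what the component does with the intents it receives.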

What will this mean for users?

The vulnerability in Samsung’s phone app allows third parties (even those with no permissions) to perform actions such as a factory reset, calling phone numbers and calling privileged numbers (e.g. install a custom certificate authority and call emergency numbers). All permissions can be accessed by any app that is installed on the smartphone without the need for consent.

These capabilities can all be performed programmatically, without user intervention. These are just a few of the vulnerabilities available to third-party apps through the pre-installed vulnerable app.

This vulnerability affects phones as old as the Samsung S21 Ultra 5G with the latest Android 12 version.

This vulnerability affects devices

Samsung S 21 Ultra 5G (SM-G998U1): Android 12

Samsung S 21 Ultra 5G (SM-G998U1): Android 11

Samsung S10+ (SM-G975F): Android 10

Samsung A10e (SM-A516B): Android 9

Conclusion

A vulnerability in the Samsung Galaxy Android OS could pose a security risk to devices. CISO discovered a new vulnerability in Samsung Galaxy phones that could allow any app on the device to give random instructions. The vulnerability is in the phone app, which was pre-installed. As the system user, the malicious