New Delhi: The Indian government has issued a security advisory for millions of Samsung Galaxy phone users, alerting them of multiple vulnerabilities that could expose their devices to cyberattacks. The Indian Computer Emergency Response Team (CERT-In) published the warning on December 13, stating that the flaws affect Samsung Mobile Android versions 11, 12, 13, and 14.
According to CERT-In, the vulnerabilities could allow an attacker to bypass the security measures implemented by Samsung, access sensitive information stored on the phone, and execute malicious code that could compromise the entire system. The security alert classified the risk level as high, indicating the severity of the threat and the need for immediate action.
Some of the possible consequences of these vulnerabilities include:
- Losing the phone’s secret code (SIM PIN) could enable the attacker to access the phone’s network and services.
- Hearing loud commands from the phone (broadcast with elevated privilege), could disrupt the user’s privacy and security.
- Accessing private AR Emoji files, which could reveal the user’s facial expressions and emotions.
- Changing the clock on the castle gate (Knox Guard lock), could disable the phone’s security features and allow the attacker to tamper with the device.
- Snooping around the phone’s files (accessing arbitrary files), could expose the user’s data, such as photos, contacts, messages, and documents.
- Stealing important information (sensitive information), such as passwords, bank details, credit card numbers, and biometric data.
- Controlling the phone like a puppet (execute arbitrary code), could allow the attacker to perform any action on the phone, such as making calls, sending messages, installing apps, deleting files, and more.
- Taking over the whole phone (compromising the targeted system), could render the phone unusable and cause irreversible damage.
CERT-In advised Samsung Galaxy phone users to update their device’s operating system (OS) and firmware as soon as possible, as Samsung has released a patch to fix these vulnerabilities. The update can be done through the phone’s settings or by connecting the phone to a computer. Users are also advised to avoid downloading apps from untrusted sources, opening suspicious links or attachments, and connecting to public Wi-Fi networks. By following these steps, users can protect their phones from potential cyberattacks and ensure their security and privacy.
