The government's cybersecurity watchdog, CERT-In, has issued a high-risk warning to users of Samsung smartphones. The advisory, published as Note CIVN-2023-0360, points out critical security issues affecting phones running Android versions 11, 12, 13, and 14, including Samsung's latest flagship series, the Galaxy S23, with the Android 14 update.
Security Risks
CERT-In outlines multiple vulnerabilities in Samsung products, emphasising the potential for attackers to bypass security restrictions. Exploiting these flaws could grant unauthorised access to sensitive information and even allow the execution of arbitrary code, compromising the targeted system.
Potential Exploits
The identified bugs could enable hackers to trigger heap overflows and stack-based buffer overflows, access the device SIM PIN, send broadcasts with elevated privileges, read AR Emoji sandbox data, and bypass the Knox Guard lock by manipulating the system time.
Root Causes of Vulnerabilities
CERT-In attributes these vulnerabilities to various factors, including flaws in KnoxCustomManagerService and SmartManagerCN components, an integer overflow issue in the facepreprocessing library, improper authorisation verification in AR Emoji, and several other vulnerabilities in the bootloader, HDCP in HAL, libIfaaca, libsavsac.so components, softsimd, and Smart Clip.
How to protect your device?
Samsung smartphone users are strongly advised to promptly install security updates. Ongoing vigilance is crucial, and users should regularly patch their phones with updates released by the vendors. Additionally, exercise caution when installing apps, clicking on links, and visiting unfamiliar websites, especially if your phone's software hasn't been updated.
Google Chrome Users, Stay Alert!
CERT-In has also issued a bulletin with a high severity rating that may concern people who use Chrome on their computers. The alert warns that several vulnerabilities have been identified in Google Chrome that could enable attackers to execute arbitrary code and obtain information from users by luring them to visit specifically targeted websites.