



I've been using my iPhone as my main smartphone these days, but I own a Samsung Galaxy Note 10+ 5G as a backup and burner. If you own a Samsung smartphone running any of a wide range of Android versions, from 9 to 12, there is good news and bad news. Serious, and seriously shocking, security news.

This week, Kryptowire researchers published a report detailing how they discovered serious, high-severity vulnerabilities across multiple models in pre-installed phone apps that could give hackers control over your phone. What kind of control? Researchers say it's everything from factory resets and phone calls to installing and removing apps. According to the Kryptowire report, all of this becomes possible for an unauthorized user if the victim installs a third-party app tuned to "mimic system-level activity and hijack important protections."

Alex Lisle, Chief Technology Officer of Kryptowire, asked the question, "Have you ever thought that someone else could access your phone?" His answer is the unwelcome news: "Unfortunately you may be right." The high-severity vulnerability CVE-2022-22292 discovered by Kryptowire researchers was as shocking as Lisle made it sound.

It turns out that the Phone app pre-installed on Samsung smartphones contains an insecure component. This allows local apps that lack system-level privileges to perform such privileged operations without user approval.

In the full technical report on this shocking Samsung security faux pas, researchers say that devices running any version of Android from 9 to 12 were affected. The exploitation methods for versions 10-12 differed somewhat from the one for version 9, but the results were the same. In other words, the smartphone was compromised without the user's knowledge.

It's unclear how vulnerable Samsung smartphones were to this attack method, but researchers were able to demonstrate exploitation using, for example, the Samsung Galaxy S21 Ultra 5G on the latest Android 12 builds. The tests also used the Samsung Galaxy S10+ and Samsung A10e. However, the Samsung Galaxy S8 running Android 8 turned out not to be vulnerable. The bad news is that on most Samsung smartphones running Android version 9 or later, this vulnerability is likely to exist.

I contacted Samsung for an official statement, but there was no response at the time of publication.

It's not all bad news. Details of CVE-2022-22292 were disclosed to Samsung on November 27, 2021, and the patch became available as part of the February 2022 Security Maintenance Release Program.

Android security patch levels prior to January 2022 may be exposed to this vulnerability

Davie Winder

Assuming your device has been updated and displays a security patch level from February 2022 onward, it will be protected. However, not everyone has updated or can update their device. Mea culpa: my own Galaxy Note 10+ was lagging behind in this regard because I hadn't used it for two months. Therefore, make sure your device is up to date. To check, go to your smartphone's settings menu, select "About phone" and then "Software information", and scroll down to the Android security patch level.

Dates after February 2022 mean that the device is protected

Davie Winder
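The same patch-level check can be scripted for several devices. The following is an added example, not code from the article or from Kryptowire: it classifies a device from `adb shell getprop` output using the article's criteria (Samsung, Android 9 to 12, patch level before February 2022). Using `adb`, the three `ro.*` property names and the `2022-02-01` date format are assumptions not stated in the article; the sample dumps are constructed.

```shell
#!/bin/sh
# Added example: triage getprop output for CVE-2022-22292 exposure.
FIXED_LEVEL=20220201  # assumption: the February 2022 level is reported as 2022-02-01

# prop KEY: read getprop text ("[key]: [value]") on stdin and print KEY's value.
prop() {
  tr -d '\r' | awk -v k="[$1]:" '$1 == k { v = $2; gsub(/^\[|\]$/, "", v); print v; exit }'
}

# classify DUMP: print EXPOSED, PATCHED, OUT_OF_SCOPE or UNKNOWN.
classify() (
  maker=$(printf '%s\n' "$1" | prop ro.product.manufacturer | tr '[:upper:]' '[:lower:]')
  release=$(printf '%s\n' "$1" | prop ro.build.version.release)
  patch=$(printf '%s\n' "$1" | prop ro.build.version.security_patch)

  [ "$maker" = "samsung" ] || { echo OUT_OF_SCOPE; exit 0; }
  case "${release%%.*}" in
    9|10|11|12) ;;                      # versions the report lists as affected
    "") echo UNKNOWN; exit 0 ;;         # no Android version in the dump
    *)  echo OUT_OF_SCOPE; exit 0 ;;    # e.g. Android 8, reported not vulnerable
  esac
  case "$patch" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
    *) echo UNKNOWN; exit 0 ;;          # missing or malformed patch level
  esac
  level=$(printf '%s' "$patch" | sed 's/-//g')   # 2022-01-01 -> 20220101
  if [ "$level" -lt "$FIXED_LEVEL" ]; then echo EXPOSED; else echo PATCHED; fi
)

# Constructed sample dumps (not captured from real devices).
SAMPLE_OLD='[ro.build.version.release]: [12]
[ro.build.version.security_patch]: [2022-01-01]
[ro.product.manufacturer]: [samsung]'
SAMPLE_NEW='[ro.build.version.release]: [11]
[ro.build.version.security_patch]: [2022-02-01]
[ro.product.manufacturer]: [samsung]'
SAMPLE_A8='[ro.build.version.release]: [8.0.0]
[ro.build.version.security_patch]: [2019-08-01]
[ro.product.manufacturer]: [samsung]'

# With a device attached, use: classify "$(adb shell getprop)"
for s in "$SAMPLE_OLD" "$SAMPLE_NEW" "$SAMPLE_A8"; do classify "$s"; done
```

A result of UNKNOWN means the dump lacked a usable Android version or patch level and the device should be checked by hand in the settings menu.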

