16 December,2023 02:24 PM IST | New Delhi | mid-day online correspondent
Representational Image
The Centre has issued a new advisory for all the Samsung Galaxy mobile phone users. The Union government has asked them to immediately update their phones to protect themselves from cyber attacks and hacking.
The Centre's nodal agency for cyber security, Indian Computer Emergency Response Team (Cert-In), has issued a high-risk warning for Samsung smartphones.
The Indian Computer Emergency Response Team (CERT-In) has issued the high-risk security advisory on December 13, highlighting several security impacts on millions of Samsung Galaxy phones, with both newer and older models.
The category of concern for Samsung phones is "high-risk", according to the advisory, and owners of these phones need to update their firmware of OS at the earliest.
ALSO READ
SC to hear petition for expert committee to combat cyber fraud
Delhi Custom seizes 12 iPhone 16 Pro Max from 4 passengers at IGI Airport
China builds rapidly on LAC, India matches pace
No question of privatising railways: Ashwini Vaishnaw in Nashik
Modi govt facilitating recruitment of Indians in war-torn West Asia:Kharge
CERT-In classified the vulnerabilities as high-risk and stressed the urgent need for Samsung users to upgrade their phones' operating systems. Samsung Mobile Android versions 11, 12, 13, and 14 are vulnerable to such attacks, the report said.
"Multiple vulnerabilities have been reported in Samsung products that could allow an attacker to bypass implemented security restrictions, access sensitive information, and execute arbitrary code on the targeted system," CERT-In said.
"These vulnerabilities exist due to improper access control flaw in Knox Custom Manager Service and Smart Manager CN component, integer overflow vulnerability in face preprocessing library; improper authorisation verification vulnerability in AR emoji, improper exception management vulnerability in Knox Guard, various out of bounds write vulnerabilities in bootloader, HDCP in HAL, libIfaaCa and libsavsac.so components, improper size check vulnerability in softsimd, improper input validation vulnerability in Smart-Clip and implicit intent hijacking vulnerability in contacts," read the detailed statement.
The exploitation of these vulnerabilities may allow an attacker to trigger heap overflow and stack-based buffer overflow, access device SIM PIN, send broadcast with elevated privilege, read sandbox data of AR Emoji, bypass Knox Guard lock via changing system time, access arbitrary files, gain access to sensitive information, execute arbitrary code and compromise the targeted system, the agency said.
Meanwhile, Samsung Mobile has announced the rollout of a maintenance release as part of its December 2023 security update.
"Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung," said the South Korean smartphone major on its website.
(With inputs from Agencies)
