Do you own a Samsung smartphone launched from 2014 onwards? If so, your device is potentially at risk. Here’s what you need to know and what you should do. A security vulnerability has been found in the recent update which can enable arbitrary remote code execution (RCE) if exploited.
The arbitrary RCE can be carried out without user interaction, and it has been rated a perfect 10 under the Common Vulnerability Scoring System (CVSS).
The security vulnerability on Samsung phones is confirmed to be a “zero-click” threat, which doesn’t require any manual confirmation. It affects all Samsung Galaxy smartphones launched from 2014 to date.
What Is the Perfect 10 Critical Vulnerability on Galaxy Phones?
The Samsung security vulnerability has been rated a perfect 10 under the Common Vulnerability Scoring System (CVSS). Discovered by researchers at Google’s Project Zero, the critical vulnerability exists within the Qmage image format.
The format support is built on Android, and the vulnerability can be exploited through this feature without any manual interaction.
Samsung has supported the .qmg format since late 2014, and it is present on all Samsung Galaxy smartphones.
In layman's terms, anybody with ill intent can attack your Samsung Galaxy smartphone directly, and you won’t even have to do anything; this is termed a zero-click attack. A similar zero-click vulnerability was recently found in the Apple ecosystem as well.
How Will My Samsung Device Be Affected?
Samsung Galaxy smartphones handle .qmg images sent to the device. Samsung phones run on Android, and images are processed by Skia, the Android graphics library. An attacker can target your Galaxy smartphone directly to discover where the Skia library is in device memory and get access to files.
Once Skia is located on the Samsung Galaxy smartphone, the attacker may execute code without you clicking on anything; this is the arbitrary remote code execution (RCE).
Anyone with malicious intent can easily get into your Samsung smartphone and do anything they want without you even participating. You are neither accessing any potentially dangerous file nor downloading any malicious content.
Samsung Critical Vulnerability: What Should You Do?
The company has already included a patch in the May 2020 security update for Samsung phones. It adds further validation to prevent memory overwrite. Update your Galaxy smartphone as soon as you receive the update.
Samsung has yet to roll out updates to several Galaxy smartphones, so many devices are still at risk.
The older your Samsung Galaxy device is, the longer the update will take to reach it. Samsung is working to send updates as early as possible, and since it’s a critical update, probably all Samsung devices will receive it in a few days.
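To check which devices already carry the May 2020 security update mentioned above, the Android security patch level can be compared against it. The script below is an added example, not Samsung's own tooling; it assumes a fixed build reports a patch level of 2020-05-01 or later, and the function names and inventory lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Samsung's tooling. Assumption: a build carrying the
# May 2020 fix reports a security patch level of 2020-05-01 or later.
# On a live device the level can be read with:
#   adb shell getprop ro.build.version.security_patch
REQUIRED_PATCH="2020-05-01"

# Returns 0 if patched, 1 if older, 2 if the value is not YYYY-MM-DD.
patch_status() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    # ISO dates compare correctly as integers once the dashes are removed.
    have=$(printf '%s' "$1" | tr -d '-')
    need=$(printf '%s' "$REQUIRED_PATCH" | tr -d '-')
    if [ "$have" -ge "$need" ]; then return 0; fi
    return 1
}

# Reads "serial model patch_level" lines on stdin and prints only the
# devices that still need the update or whose level cannot be parsed.
audit_inventory() {
    while read -r serial model level; do
        [ -n "$serial" ] || continue
        rc=0
        patch_status "$level" || rc=$?
        case $rc in
            1) printf 'UNPATCHED %s %s %s\n' "$serial" "$model" "$level" ;;
            2) printf 'UNKNOWN %s %s %s\n' "$serial" "$model" "${level:-none}" ;;
        esac
    done
}

# Constructed sample inventory (serials and patch levels are made up).
sample_inventory() {
    cat <<'EOF'
R58M000001 SM-G973F 2020-05-01
R58M000002 SM-N950F 2020-03-01
R58M000003 SM-A505F unknown
EOF
}

sample_inventory | audit_inventory
```

Devices reported as UNKNOWN should be checked by hand rather than assumed patched.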