Samsung is currently working on a fix for a few bugs affecting its mobile devices, which could allow hackers to spy on users and in some cases even take control of the entire system.
The loopholes were disclosed by bounty hunter and founder of cybersecurity firm Oversecured, Sergey Toshin, who claims there are “more than a dozen” of these vulnerabilities, all with varying severity levels.
Some of the issues are less dangerous: they allow attackers to steal SMS messages from the target device, but only by tricking the victim. Others are stealthier and more dangerous. These often require no action from the victim and could allow the attacker to read and write arbitrary files with higher permissions.
Due to the severity of the issues and the fact that Samsung could take up to two months to release a fix, both parties have held back further details about these vulnerabilities, so it's unclear which devices or versions of the Android operating system are affected.
Samsung mobile faults
Toshin has already found more than a dozen vulnerabilities in Samsung’s mobile devices, several of which stem from bloatware (apps that come preinstalled with the device but are not required for Android to work).
In other cases, he has found that third-party apps can gain administrator rights to the device, but at the expense of removing all other apps from the device. This particular bug, which was fixed in April of this year, affected the Managed Provisioning application and is tracked as CVE-2021-25356.
Users are advised to update the firmware of their devices regularly. They can do this by going to Settings > Software Update and tapping Check for Updates. If any updates are available, they will be displayed on this screen.
The problem with Android is that unlike Apple, it is an open source operating system, with different manufacturers approaching the update process differently. The speed at which fixes are released depends on the manufacturer (in this case, Samsung) and its support policy.
As of 2019, all Samsung Galaxy devices (its flagship models) are supported with security updates for four years.