According to a report by mobile security and privacy solutions firm Kryptowire, Samsung devices running Android 9 to 12 that haven’t been updated to the February 2022 patch are vulnerable to a major cyber threat. The firm has warned that hackers can be able to take control of a wide range of Samsung devices due to a major security flaw.
According to the report by cybersecurity firm, a vulnerability (CVE-2022-22292) in Samsung devices running Android versions 9 through 12 was discovered, which could allow a hacker to infiltrate any device that hasn’t been updated and perform various destructive actions. After gaining control of the Samsung smartphone, hackers can make phone calls, install or uninstall apps, and install unverifiable certificates to degrade HTTPS security. According to the report, the hackers can have apps run in the background and even factory reset the device if they want to.
The security vulnerability, according to the report, is in the phone app, which comes pre-installed on the devices. Hackers could leverage a “insecure component” in the app to allow local apps to “perform privileged operations without user authorization.” Since the Phone app has all of the system permissions, hackers can easily open up an attack vector.
The report added “The CVE-2022-22292 vulnerability was disclosed to Samsung on November 27, 2021 and given a “High” severity rating by Samsung. Samsung patched the vulnerability in February 2022 as part of its ongoing Security Maintenance Release (SMR) process”,
Since the patch was released in February 2022, any Samsung user should update their devices as soon as possible to the latest version.