16 December,2023 02:24 PM IST | New Delhi | mid-day online correspondent
Representational Image
The Centre has issued a new advisory for all the Samsung Galaxy mobile phone users. The Union government has asked them to immediately update their phones to protect themselves from cyber attacks and hacking.
The Centre's nodal agency for cyber security, Indian Computer Emergency Response Team (Cert-In), has issued a high-risk warning for Samsung smartphones.
The Indian Computer Emergency Response Team (CERT-In) has issued the high-risk security advisory on December 13, highlighting several security impacts on millions of Samsung Galaxy phones, with both newer and older models.
The category of concern for Samsung phones is "high-risk", according to the advisory, and owners of these phones need to update their firmware of OS at the earliest.
ALSO READ
Workers' strike hits production of consumer durables at Samsung Chennai plant
Paint the town yellow! Anant puts bucket full of haldi on Nita Ambani, watch
Did you know? Ambani dog Happy owns a luxury car worth Rs 4 crore
Kim Kardashian shares photo with Lord Ganesha idol as prop, deletes later
Kim says ‘India has my heart’, poses with lavish food spread at Ambani wedding
CERT-In classified the vulnerabilities as high-risk and stressed the urgent need for Samsung users to upgrade their phones' operating systems. Samsung Mobile Android versions 11, 12, 13, and 14 are vulnerable to such attacks, the report said.
"Multiple vulnerabilities have been reported in Samsung products that could allow an attacker to bypass implemented security restrictions, access sensitive information, and execute arbitrary code on the targeted system," CERT-In said.
"These vulnerabilities exist due to improper access control flaw in Knox Custom Manager Service and Smart Manager CN component, integer overflow vulnerability in face preprocessing library; improper authorisation verification vulnerability in AR emoji, improper exception management vulnerability in Knox Guard, various out of bounds write vulnerabilities in bootloader, HDCP in HAL, libIfaaCa and libsavsac.so components, improper size check vulnerability in softsimd, improper input validation vulnerability in Smart-Clip and implicit intent hijacking vulnerability in contacts," read the detailed statement.
The exploitation of these vulnerabilities may allow an attacker to trigger heap overflow and stack-based buffer overflow, access device SIM PIN, send broadcast with elevated privilege, read sandbox data of AR Emoji, bypass Knox Guard lock via changing system time, access arbitrary files, gain access to sensitive information, execute arbitrary code and compromise the targeted system, the agency said.
Meanwhile, Samsung Mobile has announced the rollout of a maintenance release as part of its December 2023 security update.
"Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung," said the South Korean smartphone major on its website.
(With inputs from Agencies)