Samsung Phones Vulnerable To Attackers
Samsung owners have been warned of a vulnerability issue affecting devices running Android 9 to Android 12. The security concern allows for attackers to factory reset users phones without authorization or identification, amongst other things.
Gaining access via malicious apps, hackers are able to make phone calls, install/uninstall apps (including malware) and weaken HTTPS security without user verification.
The issue was discovered by mobile security company Kryptowire, who revealed the issue to Samsung late last year on November 27th. The CVE-2022-22292 vulnerability was assigned a “High Severity” rating and patched in February this year.
Despite the issue being fixed, Kryptowire urge that automated mobile security scanning should become the mainstream for both individuals and businesses.
“Mobile applications are becoming the primary point of personal and professional activity, representing an increasingly attractive target for bad actors,” said Kryptowire CTO, Alex Lisle.
The issue originated in the phones own pre-installed phone application, which let local apps make changes to system-level components without needing verification.