Do you remember the case of the Galaxy S10 and Note 10? Their ultrasonic in-screen fingerprint readers allowed anyone to unlock the phones as long as there is a screen protector or some other piece of transparent plastic between a finger and the sensor. Of course, Samsung fixed this in a matter of days but no one knows how many users suffered of this bug. As for now, it seems Samsung still has some unpatched vulnerabilities. They could give hackers a control over the Samsung devices. Some of them were discovered by security company Oversecured’s founder Sergey Toshin. At least, they were first to report about this.
New Security Bug In Samsung Devices
As the firm claims, the yet-to-be-fixed security bug allows hackers to access SMS messages on a number of Samsung devices. However, this is not the worst news. There are two other vulnerabilities that allow the hackers to manipulate arbitrary files with elevated permissions. For this, hackers will need no user interaction.
The Korean manufacturer has been already informed about this. But it seems the patch won’t appear sooner than two months. The best you can do at the moment is to check whether your Samsung devices are on the latest firmware update.
Samsung Smartphones Have Always Had Security Flaws
In fact, there have been more vulnerabilities found by Toshin since the beginning of the year. But most of them were fixed almost immediately. For example, one of them was found in apps and components like Samsung’s Secure Folder app and the company’s Knox security software. Both come pre-installed on all Samsung devices. And it turns out they could give hackers access to sensitive user data. At least, the Samsung Galaxy S10+ was affected. But at that time, Samsung announced that only selected models were affected. We think the scale of the incident is much larger.
There have been no known reported issues globally and users should be assured that their sensitive information was not at risk. We addressed the potential vulnerability by developing and issuing security patches via software update in April and May, 2021 as soon as we identified this issue.
Apart from this, some Samsung devices were deleting all previously downloaded apps. This happened after a newly installed app got their admin rights.
At last, we can recall the flaw when the Samsung devices could give read/write access to files with system user-level privileges. These bug could give hackers access to users’ SMS/MMS messages and call details