Govt issues warning for some Samsung phones, advises urgent update

Indian gov's nodal agency to deal with cyber security, the Computer Emergency Response Team (CERT-In) has issued a warning for some Samsung mobile phones, highlighting multiple vulnerabilities. The warning highlighted critical security issues affecting Samsung Mobile Android versions 11, 12, 13, and 14.

"Multiple vulnerabilities have been reported in Samsung products which could allow an attacker to bypass implemented security restrictions, access sensitive information and execute arbitrary code on the targeted system," CERT-In, which works under Ministry of Electronics and Information Technology of the Government of India, said in its advisory.

The agency said that the vulnerabilities are diverse and impact various components of the Samsung ecosystem.


"These vulnerabilities exist due to improper access control flaw in KnoxCustomManagerService and SmartManagerCN component, integer overflow vulnerability in facepreprocessing library; improper authorization verification vulnerability in AR Emoji, improper exception management vulnerability in Knox Guard, various out of bounds write vulnerabilities in bootloader, HDCP in HAL, libIfaaCa and libsavsac.so components, improper size check vulnerability in softsimd, improper input validation vulnerability in Smart Clip and implicit intent hijacking vulnerability in contacts," it said.

CERT-In warned that attackers may explot the vulnerabilities to "access device SIM PIN, read sandbox data of AR Emoji, bypass Knox Guard lock via changing system time and gain access to sensitive information, execute arbitrary code and compromise the targeted system".

To mitigate the risks associated with these vulnerabilities, users are advised to promptly apply the security updates provided by Samsung in their official security advisory. Until the update is applied, users are also advised to exercise caution while using the affected devices, especially when interacting with untrusted sources or unknown applications.