CERT-In Issues Caution Against Critical Flaw In These Samsung Phones

Computer Emergency Response Team or CERT-In has issued a high-risk warning (CIVN-2023-0360) for Samsung Mobile users in India, highlighting critical security issues in Samsung phones running Android versions 11, 12, 13, and 14, the media has reported. The phones are susceptible to vulnerabilities that could enable an attacker to covertly access and retrieve data from your device.

The risk advisory indicates that these vulnerabilities may enable an attacker to circumvent security restrictions, gain access to sensitive information and execute arbitrary code on targeted systems. According to CERT-In, these security vulnerabilities have the potential to affect different components within the Samsung ecosystem.

Attackers could exploit these vulnerabilities to override security restrictions, obtain sensitive information and execute arbitrary code on targeted systems. The issues arise from diverse sources, including improper access control in Knox features, an integer overflow flaw in facial recognition software, authorisation issues with the AR Emoji app, and other factors.

A successful exploitation of these flaws by an attacker can result in severe consequences. According to an official statement, it "may enable an attacker to initiate heap overflow and stack-based buffer overflow, retrieve the device SIM PIN, broadcast with elevated privilege, read sandbox data of AR Emoji, bypass Knox Guard lock by altering system time, access arbitrary files, obtain sensitive information, execute arbitrary code, and compromise the targeted system".

Samsung Phones That Will Be Affected By The Flaw

These security vulnerabilities may impact several Samsung handsets, including the flagship Galaxy S23 series, Galaxy Flip 5, Galaxy Fold 5 and other Samsung devices running Android versions 11, 12, 13, and 14 OS. To perform the device update, navigate to your phone settings. Afterwards, follow these steps: About device > Software update > Download and install.

Menwhile, Apple's cybersecurity team recently met with CERT-IN to discuss the notification alerts sent to several notable iPhone users in India. Last month, Apple notified about "state-sponsored attackers attempting remote compromises" on iPhones belonging to certain opposition party leaders. This notification sparked concerns about potential state involvement in hacking their phones.