Samsung smartphone warning: Pre-installed apps caught spying

It has been a whirlwind week for security updates and vulnerability flaws. Not only has one of the biggest data leaks been found online, but Google’s Chrome also received an urgent patch to fix problematic issues.

It seems that now it is Samsung’s turn to update its mobile phones’ security. Unfortunately, seven flaws hide in Samsung’s default, pre-installed apps by a mobile security startup company.

Samsung suffered from a different flaw earlier this year. Security researchers discovered that certain Galaxy Note 20 devices could have been unlocked by using any fingerprint for authentication. That flaw has since been fixed. Keep reading to find out how to fix the latest issue.

Here’s the backstory

The flaws could be used to access and edit your contacts, calls and text messages. Unless you update your Samsung device, you will still be vulnerable to attack. Samsung declined to specify which devices are affected, only saying it occurred in “selected” models.

Breaching an unpatched device means cybercriminals could also install malicious apps with administrator rights and change the device’s default settings.

In a blog post explaining each of the flaws, Oversecure said that: “These vulnerabilities could have led to a GDPR violation, and we are delighted that we could help Samsung identify and fix these vulnerabilities in a timely manner.”

One of the flaws was discovered in Samsung’s Knox app. It’s a proprietary security framework pre-installed on most Samsung mobile devices and is mainly used by companies. Designated as CVE-2021-25388, the breach could lead to the “installation of arbitrary apps and device-wide theft of arbitrary files.” In short: all your files could be stolen.

For the flaw in the Managed Provisioning app, Oversecure was able to breach the code and inject its own commands into it. This forced the app to download a malicious app onto the device.

What you can do about it

If you haven’t updated your Samsung device, especially if its new, you must do so as soon as possible. Here’s how:

  • Swipe down with two fingers from the top of the screen and tap the Settings icon.
  • Swipe to and then tap Software update or System updates. It will vary between models.
  • Tap Download and install, or Check for system updates. If an update is available it will begin downloading, though you may need to tap Download now on some devices. When the download is complete follow the on-screen instructions to install the update.

You can set it up so that your device will download updates automatically, just tap the Auto download over Wi-Fi switch.

Samsung has been a bit vague about the discovered flaws.

“There have been no known reported issues globally and users should be assured that their sensitive information was not at risk. We addressed the potential vulnerability by developing and issuing security patches via software update in April and May 2021 as soon as we identified this issue,” the company said in a statement.

Keep reading

Save your Samsung Cloud data before it disappears

Best smartphone alternatives to Apple and Samsung

Tags: Apple, cybercriminals