MILLIONS of owners of the Samsung Galaxy smartphone face a security threat.
Those running Android versions 9 through 12 are at risk.
Researchers at Kryptowire published a report detailing how they discovered a serious vulnerability in the pre-installed Phone app across multiple models that could enable a hacker to take control of someone’s phone, Forbes reported.
The control could include a factory reset, making calls and both installing and deleting apps.
An unauthorized user could gain this type of access if the victim installed any third-party app that was altered to “mimic the system-level activity and hijack critical protected functionality,” according to the Kryptowire report.
The Phone app comes installed on all Samsung smartphones.
It was found to have an insecure component that let apps without system privileges perform privileged actions anyway, without any user interaction.
The full extent to which the smartphones were vulnerable to this attack is unknown, but researchers were able to test a Samsung Galaxy S10+ and Samsung A10e during the compromise testing.
A Samsung Galaxy S8 running Android 8 was found not to be vulnerable.
The bad news is that anyone with just about any Samsung smartphone running Android version 9 and onwards is likely to have been vulnerable to the attack.
The good news is a patch was made as part of the February 2022 security maintenance release program, Forbes reported.
As long as the device has been updated and shows a security patch level of February 2022 or later, the owner is protected.
Not everyone will have updated or have been able to do so, so it’s important to check if the device needs an update.
This information is available in the phone’s settings app.
The Sun reached out to Samsung for comment.
This post first appeared on Thesun.co.uk