Users of Samsung Galaxy smartphones are at high risk; the Indian government warns

On December 13, the Ministry of Electronics and Information Technology in India released a security advisory from the Indian Computer Emergency Response Team (CERT-In), alerting users to several vulnerabilities in Samsung smartphones. A critical security flaw was identified in the alert that affected Samsung Mobile Android versions 11, 12, 13, and 14.

"A number of security flaws in Samsung products have been reported, which could enable an attacker to get around security measures, obtain private data, and run arbitrary code on the targeted system," CERT-In said in a note.

Bypassing security measures, gaining access to private information, and running arbitrary code on targeted systems are all possible outcomes of these vulnerabilities for hackers. Because of problems with the AR Emoji app's authorization, erroneous access control in Konox features, and other issues, this would enable attackers to get past Knox Guard, compromise the device's SIM PIN, and access AR Emoji sandbox data. Users are at risk from multiple threats. Hackers may be able to shout commands into the phone, take control of the device, steal confidential data, or look into private AR Emoji files.

Users of Samsung devices were advised to act right away to reduce these risks. It was highly recommended that users install the security updates.

Samsung has refuted requests for comment on the issue.

However, Samsung Security acknowledged the threat by posting a notice on the website stating that it will be releasing security firmware in December of this year along with Google's Android patch.

As part of its monthly Security Maintenance Release (SMR) procedure, Samsung Mobile is releasing maintenance releases for its main flagship models. Google and Samsung patches are included in this SMR package," it said.

What might occur if the CERT advisory is ignored?

If owners of Samsung Galaxy phones do not update their operating system and security patches as instructed by CERT-In, they may be exposed to various risks. These are some of the vulnerabilities that the government highlighted in its advisory.

• The secret code (SIM PIN) of a stolen phone
• Give clear instructions over the phone (broadcast with elevated privilege)
• Examine confidential AR Emoji files
• The castle gate's clock (a Knox Guard lock) should be changed.
• Look through the files on your phone (access arbitrary files)
• Take sensitive information that is important.

Furthermore, Samsung has provided guidelines on how to properly secure phones and ensure that all users stay safe from these hacking attempts.