The flaws were disclosed by Sergey Toshin, a bounty hunter and the founder of cybersecurity firm Oversecured, who claims there are “more than a dozen” of these vulnerabilities, all with differing levels of severity.
While some issues are less dangerous, allowing attackers to steal SMS messages from the target device (only by tricking the victim, it was added), others are stealthier and more dangerous. These often require no action from the victim, and could enable the attacker to read/write arbitrary files with heightened permissions.
Due to the severity of the issues, and the fact that it could take Samsung up to two months to release a patch, both parties have been tight-lipped about revealing more detail on these vulnerabilities - so it isn't known which devices or versions of the Android operating system are affected.
Samsung mobile flaws
Toshin has already found more than a dozen vulnerabilities in Samsung’s mobile devices, several of which originated through bloatware (applications that come pre-installed with the device but aren’t required for Android to run).
In other instances, he found that third-party apps could obtain device admin rights, but at the expense of deleting all other apps from the device. This particular bug, which was patched in April this year, impacted the Managed Provisioning app and is tracked as CVE-2021-25356.
Users are advised to update their devices’ firmware regularly. They can do so by navigating to Settings > Software Update, and pressing Check for updates. If there are any updates available, they’ll show on that screen.
The trouble with Android is that, unlike Apple, it’s an open-source operating system, with different manufacturers approaching the updating process differently. The speed at which patches are released depends on the manufacturer (in this case, Samsung) and its support policy, which varies from one manufacturer to the next.
As of 2019, all Samsung Galaxy devices (its flagship models) are supported with security updates for four years.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.