Indian govt warns Samsung users about major security risk; Know how to secure your phone


The Indian government, through the Computer Emergency Response Team of India (CERT-In), has issued a high-risk warning to users of Samsung Galaxy phones.

CERT-In has published Vulnerability notes on its website (13-12-2023)
CIVN-2023-0361 – Multiple Vulnerabilities in Google Chrome for Desktop
CIVN-2023-0360 – Multiple Vulnerabilities in Samsung Products
Details are available on CERT-In website (https://t.co/EfuWZNuFJC)

— CERT-In (@IndianCERT) December 14, 2023

The alert, identified as CERT-In Vulnerability Note CIVN-2023-0360, points to critical security vulnerabilities in Samsung Mobile Android versions 11, 12, 13, and 14.

According to CERT-In, these severe vulnerabilities could allow attackers to bypass security measures, access sensitive information, and execute arbitrary code on targeted systems.

Nature of vulnerabilities

CERT-In’s research reveals multiple vulnerabilities, including improper access control in Knox features, an integer overflow flaw in facial recognition software, authorization issues with the AR Emoji app, and incorrect handling of errors in Knox security software.

Additionally, there are multiple memory corruption vulnerabilities in various system components, incorrect data size verification in the softsimd library, unvalidated user input in the Smart Clip app, and hijacking of certain app interactions in contacts, it said.

What are the potential risks?

CERT-In said attackers might trigger a heap overflow and stack-based buffer overflow, access the device SIM PIN, send broadcasts with elevated privilege, read sandbox data of AR Emoji, bypass the Knox Guard lock by changing the system time, access arbitrary files, and compromise the targeted system.

The threat extends to various Samsung devices, including the Galaxy S23 series, Galaxy Z Flip5, Galaxy Z Fold5, and more.

How to secure your phone?

Samsung has released software patches to address these issues. Users are advised to:

Apply Security Updates: Navigate to Settings > Software update > Download and install on your device to apply the latest security patches.
Exercise Caution: Be vigilant, especially when interacting with untrusted sources or unknown applications.
Update Apps Regularly: Ensure all apps are updated via the Google Play Store.
Install Apps from Trusted Sources: Avoid downloading apps from third-party websites.
Be Cautious with Links: Avoid clicking on links from unknown senders.

Tip of the day: Beware of android apps malware.#indiancert #cyberswachhtakendra #staysafeonline #cybersecurity #G20India #g20dewg #besafe #staysafe #mygov #meity #onlinefraud #cybercrime #scam #cyberalert #CSK #cybersecurityawareness #cyberdost #DigitalIndia pic.twitter.com/9CvPlTRJLC

— CERT-In (@IndianCERT) December 13, 2023
