English
Specials
    Go Ad-Free
    My Alerts
    Moneycontrol
    Moneycontrol PRO
    HomeNewsTrendsSamsung phones on high-risk security alert. What government advisory means for users

    Samsung phones on high-risk security alert. What government advisory means for users

    The vulnerabilities impact various Samsung devices, such as the Galaxy S23 series, Galaxy Flip 5, Galaxy Fold 5 and other Samsung devices running Android versions 11, 12, 13 and 14.

    Moneycontrol News
    December 15, 2023 / 11:10 IST
    Samsung phone users of 11, 12, 13 and 1`4 versions should apply the appropriate security updates, CERT-In said.

    The Indian Computer Emergency Response Team (CERT-In), the country’s nodal agency to deal with cybersecurity threats, has issued a high-risk security alert for four versions of Samsung phones, saying multiple vulnerabilities have been reported in these, potentially allowing hackers to bypass the security restrictions and access sensitive information.

    The affected software includes Samsung mobile Android versions 11, 12, 13 and 14. The vulnerabilities impact various Samsung devices, such as the Galaxy S23 series, Galaxy Flip 5, Galaxy Fold 5 and other Samsung devices running Android versions 11, 12, 13 and 14.

    These Samsung phones have security problems because of issues like improper access control in Knox features, issues in the facial recognition software, authorisation problems in the AR Emoji app, among other issues, CERT-In said in the advisory issued on Tuesday.

    These vulnerabilities can allow hackers to “trigger heap overflow and stack-based buffer overflow”, the government agency said. Attackers can also access the user’s SIM PIN, send broadcast, access the AR Emoji app data and access several other sensitive information in the user’s phone, CERT-In said.

    What is the solution?

    Related stories

    Samsung phone users of 11, 12, 13 and 1`4 versions should apply the appropriate security updates as mentioned by the phone manufacturer in its advisory, CERT-In said.

    This week, CERT-In has flagged multiple vulnerabilities in browsers such as Google Chrome for desktop, Microsoft Edge (Chromium-based) as well as Schneider Electric and Microsoft products.

    The Chrome versions with security risks are those prior to 120.0.6099.62 for Linux and Mac and those prior to 120.0.6099.62/.63 for Windows.

    In 2022, CERT-In tackled over 1.39 lakh cybersecurity incidents in 2022, highlighting the vast number of cyber attacks the country faces in terms of malware, phishing, distributed denial of service, ransomware attacks and data breaches.

    Moneycontrol News
    first published: Dec 15, 2023 10:25 am

    Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!

    Subscribe to Tech Newsletters

    • On Saturdays

      Find the best of Al News in one place, specially curated for you every weekend.

    • Daily-Weekdays

      Stay on top of the latest tech trends and biggest startup news.

    Advisory Alert: It has come to our attention that certain individuals are representing themselves as affiliates of Moneycontrol and soliciting funds on the false promise of assured returns on their investments. We wish to reiterate that Moneycontrol does not solicit funds from investors and neither does it promise any assured returns. In case you are approached by anyone making such claims, please write to us at grievanceofficer@nw18.com or call on 02268882347