Tag Archive for: Galaxy

Turn off 2 Pixel and Samsung Galaxy settings to prevent hackers from owning your phone


Google has a Project Zero team that analyzes software and hardware, looking for exploits allowing malicious attackers to get into various gadgets. Project Zero just found one such severe vulnerability, a 0-day issue that would allow hackers to remotely control phones like the Pixel 7 and 6 series, and Samsung Galaxy phones like the Galaxy S22.

The issue resides in the Exynos modems inside those devices. Until manufacturers, Google included, patch them, users should turn off two phone features to eliminate the risk of hacks. These are VoLTE and Wi-Fi calling, and turning them off shouldn’t impact your overall phone experience.

With VoLTE turned on, you’ll be placing your calls over 4G, and the feature should improve the overall quality of phone calls. Wi-Fi calling, meanwhile, helps you make calls in areas with spotty cellular reception. They’re not must-have features that you immediately think of when buying a new phone. Rather, you take them for granted, if you’re even aware of them.

Whatever the case, you can easily turn these features off from the phone’s Settings app. Once the Exynos patches start rolling in via security updates, you can reenable them.

You might not consider yourself a target for hackers, but that doesn’t mean you’re safe.

Project Zero found 18 vulnerabilities in Exynos modems from late 2022 and early 2023. Four of them are critical, including issues that would allow an attacker to control phones remotely:

The four most severe of these eighteen vulnerabilities (CVE-2023-24033 and three other vulnerabilities that have yet to be assigned CVE-IDs) allowed for Internet-to-baseband remote code execution. Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number. With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.

These vulnerabilities are serious enough that they convinced Project Zero to delay the disclosure of the…

Source…

Galaxy S23 Gets Samsung Message Guard To Protect Against Zero-Click Hacks


In a press note announcing Samsung Message Guard, the company describes the solution as an advanced “sandbox” and a “virtual quarantine.” The primary objective of Message Guard is to isolate messages delivered to the smartphone before they can access the device’s files and operating system. Every time a text message is delivered to a Samsung smartphone protected by Message Guard, the tool checks the file bit by bit. This process happens in a controlled environment in such a way that it cannot infect the rest of the smartphone.

Samsung claims that the Message Guard tool preemptively neutralizes any threat hidden in text messages and image files before they could harm the device. What makes the tool even more effective is that it does not need to be enabled separately by the user, and runs invisibly in the background without needing any user interaction. 

In its current form, the tool works with Samsung’s own Messaging app as well as Google Messages. However, Samsung has promised a software update that will also widen the protection net to third-party messaging apps.

Samsung Message Guard is currently enabled by default on the company’s newest Galaxy S23 smartphones. However, the solution will roll out to a broader lineup of Galaxy smartphones and tablets later this year, the company confirmed.

Source…

Samsung Galaxy M53 gets One UI 5.1 in Europe, Galaxy Z Flip3 and Galaxy S21 series receive it in the US


Samsung’s Android 13-based One UI 5.1, which debuted on the Galaxy S23 series smartphones unveiled earlier this month, is now rolling out for the Galaxy M53 in Ukraine and Russia, with the rollout expected to expand to other regions soon.

One UI 5.1 for the Samsung Galaxy M53 comes with firmware version M536BXXU2CWB3 and February 2023 Android security patch.

Samsung has also released One UI 5.1 for the carrier-locked Galaxy Z Flip3 and Galaxy S21 series in the US. It’s seeding for the Galaxy Z Flip3 units locked to Xfinity Mobile’s network with firmware version F711USQU3FWB1, while the Galaxy S21, Galaxy S21+, and Galaxy S21 Ultra on Xfinity Mobile’s network are receiving the update with firmware G99xUSQU5EWAI. Devices locked to other carrier networks should receive One UI 5.1 soon.

The One UI 5.1 update for the Galaxy Z Flip3 and Galaxy S21 trio also bumps up the Android security patch level on the smartphones to February 2023.

If you haven’t received One UI 5.1 yet, you can check for it manually by heading to your phone’s Settings > Software update menu.


Source…

Samsung Galaxy Store security flaws may allow hackers to install apps and more, here’s how


The Galaxy Store is Samsung’s app store that comes pre-installed on the company’s devices. A new security flaw in the Galaxy Store is reportedly making Samsung’s devices vulnerable and is leaving users at potential risk. Samsung users have been advised to update the Galaxy Store on their Samsung smartphone or tablet immediately, to avoid any attack. According to a report by 9To5Google, cybersecurity researchers at NCC Group have revealed two significant security vulnerabilities affecting the Galaxy Store app store.

These security flaws are being shipped on Samsung’s Android smartphones and tablets. The South Korea-based tech giant has fixed both vulnerabilities, but users will need to update the store to apply these fixes. Samsung has already rolled out the Galaxy Store version 4.5.49.8 update to patch both of these security issues.

Samsung Galaxy Store security flaw: What are they

The first vulnerability is named CVE-2023-21433 and it is caused by “improper access control” in the Galaxy Store. This flaw allows attackers to install apps on a user’s device without their permission. For hackers to install the app, it has to be available on the Galaxy Store in the first place. However, the issue only affects Samsung Galaxy devices running Android 12 and older.

Devices that have been upgraded to Android 13 are immune to this particular issue. The impact of this vulnerability is relatively minor as it can only install apps from the app store. However, this is not a safe practice and users should fix the issue immediately.

Another vulnerability is called CVE-2023-21434 and it also had the potential to cause trouble. This bug caused Galaxy Store’s webview filter to be improperly configured. This allowed users to access risky domains as long as they had similar elements to an approved URL. The primary concern with this flaw was JavaScript attacks, which could have been loaded.
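
The report describes a webview filter that accepted domains resembling an approved URL. As an added illustration of that class of weakness (not Galaxy Store code and not taken from the NCC Group report; the substring check, the host store.example.com and every sample URL are assumptions constructed here), the following contrasts a look-alike-prone check with one that parses the URL and compares the exact host.

```javascript
// Added illustration: constructed allowlist and URLs, not Galaxy Store code.
const ALLOWED_HOSTS = new Set(["store.example.com"]); // hypothetical approved host

// Weak filter (assumed shape of the flaw): approves any URL whose text
// merely contains the approved host string somewhere.
function weakFilter(rawUrl) {
  return [...ALLOWED_HOSTS].some((host) => rawUrl.includes(host));
}

// Strict filter: parse first, then require https, no userinfo part,
// and an exact match of the parsed hostname against the allowlist.
function strictFilter(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // unparseable input is rejected outright
  }
  if (url.protocol !== "https:") return false;
  if (url.username || url.password) return false; // "approved@other-host" form
  return ALLOWED_HOSTS.has(url.hostname); // hostname is lowercased by the parser
}

// Constructed sample URLs covering the look-alike cases a filter must reject.
const SAMPLES = [
  "https://store.example.com/app/123",           // genuine approved host
  "https://STORE.EXAMPLE.COM/app/123",           // same host, different case
  "https://store.example.com.evil.test/app/123", // approved name as a prefix
  "https://evil.test/?next=store.example.com",   // approved name in the query
  "https://store.example.com@evil.test/",        // approved name as userinfo
  "http://store.example.com/app/123",            // right host, cleartext scheme
  "javascript:alert('store.example.com')",       // script URL containing the name
];

// Run both filters over a list of URLs and return the verdicts side by side.
function compare(urls) {
  return urls.map((u) => ({ url: u, weak: weakFilter(u), strict: strictFilter(u) }));
}

for (const row of compare(SAMPLES)) {
  console.log(`${row.weak ? "weak:ALLOW" : "weak:BLOCK"}  ` +
              `${row.strict ? "strict:ALLOW" : "strict:BLOCK"}  ${row.url}`);
}
```
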

Source…