Researchers from mobile cybersecurity firm Kryptowire discovered a vulnerability, tracked as CVE-2022-22292, in Android 9, 10, 11, and 12 devices.
The vulnerability resides in the pre-installed Phone app that executes with system privileges on Samsung devices. Experts pointed out that the Phone app has an insecure component which allows local apps to perform privileged operations without any user interaction.
“The vulnerability could give attackers the ability to initiate a factory reset (i.e., deleting all user data), make phone calls (including to emergency numbers such as 911), install/uninstall apps, weaken HTTPS security by installing arbitrary root certificates, all from untrusted apps running in the background and without end-user approval.” reads the advisory published by Kryptowire.
A remote attacker can trigger the vulnerability to force a factory reset, make phone calls, install/uninstall apps, install root certificates to eavesdrop on protected traffic, all from untrusted apps running in the background and without end-user approval.
“Ever think someone else has access to your phone? Unfortunately, you may be right,” said Alex Lisle, CTO of Kryptowire. “Mobile applications are becoming the primary point of personal and professional activity, representing an increasingly attractive target for bad actors.”
The CVE-2022-22292 vulnerability has been rated as high severity and was reported to Samsung on November 27, 2021. The company addressed the issue in February with the release within the Security Maintenance Release (SMR) process.
Please vote Security Affairs as best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – hacking, Samsung)