It would be impossible for developers to conceive of every possible scenario when developing their software, which is why every now and then, security flaws and vulnerabilities are discovered.
In the case of Samsung, security firm Kryptowire discovered a new vulnerability – CVE-2022-22292 – which, when exploited, would allow an attacker to take over the user’s phone. Once the phone has been hijacked, the attacker would be able to perform functions like making phone calls, installing or uninstalling apps, weakening the phone’s HTTPS security through unverified certificates, and so on.
According to Alex Lisle, CTO of Kryptowire:
“Ever think someone else has access to your phone? Unfortunately, you may be right. Mobile applications are becoming the primary point of personal and professional activity, representing an increasingly attractive target for bad actors.”
The attacker can even go as far as factory resetting the phone without the user’s permission, so as you can imagine, it could get pretty messy. This vulnerability isn’t specific to a single Samsung device either. It appears that any Samsung phone running Android 9 through 12 is affected, but there is some good news.
The folks at Kryptowire had actually discovered the vulnerability back in November 2021 and alerted Samsung to it. The company released a fix for this flaw back in its February 2022 update, so if for whatever reason you haven’t updated your phone yet, now might be a really good time to do so.
Source: Kryptowire