Google says Samsung’s old smartphones have critical security flaw

Google ’s Threat Analysis Group (TAG) has disclosed a significant security flaw in Samsung smartphones, particularly those equipped with company’s older processors. security team stated that affected smartphones contained an exploit that could enable hackers to gain unauthorized access and run arbitrary code. This implies that malicious actors could access personal information and even control device remotely to perform unauthorized actions, such as making payments.

Identified as CVE-2024-44068, vulnerability was discovered in Samsung phones powered by Exys 9820, Exys 9825, Exys 980, Exys 990, Exys 850, and Exys W920. That means devices such as Samsung Galaxy S10 and Galaxy te 10 series are impacted by vulnerability, according to Register. report said Samsung has rolled out a fix as part of a security maintenance update, which rolled out on October 7, but it does t support devices that are longer in Samsung’s regular software update cycle.

“Samsung is committed to providing highest level of security for our users,” a Samsung spokesperson was quoted as saying in report. He urged users to keep ir devices updated with latest software.

Xingyu Jin and Clement Lecigene from Google security team mentioned that hackers may be actively exploiting vulnerability in Samsung processors through what y call an “unlocked room,” which allows m to gain higher privileges on phone and execute malicious code. researchers also mentioned that October patch contains patches for or vulnerabilities that mainly affected media handling processes. y explained that Samsung’s hardware driver processes, specifically for cameras, were targeted where vulnerability could have allowed hackers to rename processes to obscure malicious activity.

What should users do?

If a user has an old Samsung device, particularly with one of highlighted chipsets, y should immediately download and install October security update. In case device longer supports a software update, y should consider switching to a new device to ensure ir data and privacy remain intact.