Google says Samsung’s old smartphones have critical security flaw

Google ’s Threat Analysis Group (TAG) has disclosed a significant security flaw in Samsung smartphones, particularly those equipped with the company’s older processors. The security team stated that the affected smartphones contained an exploit that could enable hackers to gain unauthorized access and run arbitrary code. This implies that malicious actors could access personal information and even control the device remotely to perform unauthorized actions, such as making payments.

Identified as CVE-2024-44068, the vulnerability was discovered in Samsung phones powered by Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, and Exynos W920. That means devices such as Samsung Galaxy S10 and Galaxy Note 10 series are impacted by the vulnerability, according to The Register. The report said Samsung has rolled out a fix as part of a security maintenance update, which rolled out on October 7, but it does not support the devices that are no longer in Samsung’s regular software update cycle.

“Samsung is committed to providing the highest level of security for our users,” a Samsung spokesperson was quoted as saying in the report. He urged users to keep their devices updated with the latest software.

Xingyu Jin and Clement Lecigene from the Google security team mentioned that hackers may be actively exploiting the vulnerability in Samsung processors through what they call an “unlocked room,” which allows them to gain higher privileges on the phone and execute malicious code. The researchers also mentioned that the October patch contains patches for other vulnerabilities that mainly affected media handling processes. They explained that Samsung’s hardware driver processes, specifically for cameras, were targeted where the vulnerability could have allowed hackers to rename processes to obscure malicious activity.

What should users do?

If a user has an old Samsung device, particularly with one of the highlighted chipsets, they should immediately download and install the October security update. In case the device no longer supports a software update, they should consider switching to a new device to ensure their data and privacy remain intact.