Kryptowire, a company that provides mobile security and privacy solutions, has announced that it has discovered a serious security vulnerability in Samsung devices running Android versions 9 through 12. The vulnerability (CVE-2022-22292) allows local applications to mimic system-level activity and “hijack” crucial secure functionality.
After hijacking the device, attackers are able to perform a factory reset (read: erase all user data), make phone calls (including to emergency numbers such as 112), install and uninstall apps, and weaken HTTPS security by installing arbitrary root certificates. All this from untrusted apps running in the background and without end user consent.
The CVE-2022-22292 vulnerability was reported to Samsung on November 27, 2021, and received a “High” severity rating from the manufacturer. In February 2022, Samsung patched the vulnerability as part of its ongoing Security Maintenance Release (SMR) process. The vulnerability resides in the pre-installed Phone app, which runs with system privileges on Samsung devices running Android versions 9 through 12. The Phone app has an insecure component that allows local apps to perform privileged actions without user consent.
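To illustrate the general class of weakness described above (a privileged component reachable by any local app), here is an added AndroidManifest.xml example showing a weak declaration beside a hardened one. This is not Samsung's code or the actual Phone app manifest; the component name, permission name and intent action are hypothetical placeholders chosen for illustration.

```xml
<!-- Added example, not from the vendor: hypothetical component names. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.systemphone"
          android:sharedUserId="android.uid.system">

    <!-- Hardened variant below declares a signature-level permission, so only
         apps signed with the same key as this (system) package can hold it. -->
    <permission
        android:name="com.example.systemphone.permission.PRIVILEGED_ACTION"
        android:protectionLevel="signature" />

    <application android:label="Example Phone">

        <!-- WEAK: exported with an intent-filter and no permission.
             Any local app can start this activity and trigger the
             privileged action it performs on behalf of the system user. -->
        <activity
            android:name=".PrivilegedActionActivity"
            android:exported="true">
            <intent-filter>
                <action android:name="com.example.systemphone.action.DO_PRIVILEGED" />
                <category android:name="android.intent.category.DEFAULT" />
            </intent-filter>
        </activity>

        <!-- HARDENED, option 1: do not export the component at all.
             It stays reachable only from inside this package. -->
        <activity
            android:name=".PrivilegedActionActivityInternal"
            android:exported="false" />

        <!-- HARDENED, option 2: export it, but gate it behind the
             signature-level permission declared above, so third-party
             apps cannot obtain the permission and the launch is denied
             by the framework before any code in the activity runs. -->
        <activity
            android:name=".PrivilegedActionActivityGated"
            android:exported="true"
            android:permission="com.example.systemphone.permission.PRIVILEGED_ACTION">
            <intent-filter>
                <action android:name="com.example.systemphone.action.DO_PRIVILEGED" />
                <category android:name="android.intent.category.DEFAULT" />
            </intent-filter>
        </activity>

    </application>
</manifest>
```

For defenders reviewing a device image or a pre-installed app, the check is simple: list every component that is exported (explicitly, or implicitly because it declares an intent-filter on Android versions below 12, where the attribute was not yet mandatory) and confirm that each one that performs a privileged action either is not exported or requires a permission that untrusted apps cannot obtain, and that the activity itself re-checks consent for destructive operations such as a factory reset.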
If for whatever reason you haven’t updated your Samsung phone yet, we think it’s an excellent time to do so. Technical information about the Samsung vulnerability can be found here.