Security researchers from Kryptowire found a dangerous security hole in Samsung phones running Android 9 to Android 12. This security vulnerability can be accessed by hackers to take over the phone to perform a factory reset.
Kryptowire discovered this vulnerability thanks to its Mobile Application Security Testing (MAST) tool, which can scan for vulnerabilities in mobile phones, as well as various security and privacy issues. The security vulnerability has the code CVE-2022-22292, as quoted from Android Police, Wednesday (6/4/2022).
This security issue is related to the Phone app which is present on all Samsung phones. This application has privileged access to some system features, but because there are loopholes other applications can hijack these privileges.
This security vulnerability allows malicious apps to access protected functions even if they don't get access permission from the user. If this vulnerability is exploited, hackers can do a factory reset, make phone calls, install and uninstall apps at will, weaken HTTPS security, and so on.
Kryptowire has already tested this vulnerability on the Samsung Galaxy S21 Ultra, Galaxy S10+, and Galaxy A10e. This isn't a complete list of affected phones, and Kryptowire says it's only meant to show that different versions, models, and builds of Android are confirmed to have vulnerabilities.
But Samsung phones running legacy Android systems are not affected. For example, the Galaxy S8 running Android 8 isn't at risk, but Kryptowire says it still needs to be investigated further.
Kryptowire first discovered this vulnerability in November 2021 and immediately reported its findings to Samsung. The good news is that Samsung has patched this security hole through an update released in February 2022. So the solution is really easy, just update the Samsung phone software.
For this reason, all Samsung phone users running Android 9 to Android 12 are advised to immediately update their mobile operating system.
It's easy, go to Settings and select the Software Update option. Then select the Download and Install option if there is an update available.