Samsung’s old smartphones could be vulnerable, says Google

Google’s Threat Analysis Group (TAG) has revealed a critical vulnerability in Samsung smartphones, especially the ones using the company’s older processors. The security team claimed the impacted smartphones have an exploit, which could allow hackers to gain unauthorised access and execute arbitrary code. This means the bad actors could steal personal data and even operate the device remotely for carrying out unauthorised activities like making payments.

Identified as CVE-2024-44068, the vulnerability was discovered in Samsung phones powered by Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, and Exynos W920. That means devices such as Samsung Galaxy S10 and Galaxy Note 10 series are impacted by the vulnerability, according to The Register. The report said Samsung has rolled out a fix as part of a security maintenance update, which rolled out on October 7, but it does not support the devices that are no longer in Samsung’s regular software update cycle.

“Samsung is committed to providing the highest level of security for our users,” a Samsung spokesperson was quoted as saying in the report. He urged users to keep their devices updated with the latest software.

Xingyu Jin and Clement Lecigene from the Google security team mentioned that hackers may be actively exploiting the vulnerability in Samsung processors through what they call an “unlocked room,” which allows them to gain higher privileges on the phone and execute malicious code. The researchers also mentioned that the October patch contains patches for other vulnerabilities that mainly affected media handling processes. They explained that Samsung’s hardware driver processes, specifically for cameras, were targeted where the vulnerability could have allowed hackers to rename processes to obscure malicious activity.

What should users do?

If a user has an old Samsung device, particularly with one of the highlighted chipsets, they should immediately download and install the October security update. In case the device no longer supports a software update, they should consider switching to a new device to ensure their data and privacy remain intact.