If you own a Samsung smartphone running any Android version from 9 to 12, your phone may be at serious risk of a breach. Last week researchers at Kryptowire published a report detailing the discovery of a high-severity vulnerability. The vulnerability is in the pre-installed Phone app across multiple models and could enable a hacker to take control of your phone.
The vulnerability could have major repercussions for users: research has shown that hackers could do everything from factory resetting your phone to making calls for you and even installing or deleting apps. According to Kryptowire, all it takes is for the victim to install a third-party app that, unknown to them, has been tweaked to "mimic system-level activity and hijack protected functionality", and the hackers have access.
The high-severity vulnerability, CVE-2022-22292, affects the pre-installed "Phone" app on Samsung smartphones. It stems from an insecure component that essentially gave local apps (apps without system-level privileges) the ability to perform privileged operations anyway, without user authorization. The full technical report shows that devices running any version of Android between 9 and 12 were impacted.
The good news:
Samsung has been aware of the vulnerability since November 2021 and made a patch available as part of its February 2022 security maintenance release program. If you have updated your device and it shows a security patch level of February 2022 or later, you are protected. Most users have already installed the necessary patches and are properly protected, but if you own a Samsung device running any version of Android between 9 and 12, you should double-check that you're updated and, if you are not, update immediately.
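
For anyone checking more than one phone, the scope and fix criteria above (Samsung, Android 9 to 12, security patch level February 2022 or later) can be turned into a small triage script. This is an added example, not code from Kryptowire or Samsung; the function names and sample inventory are constructed, and it assumes "February 2022" is reported as 2022-02-01 in the standard Android property ro.build.version.security_patch.

```shell
#!/bin/sh
# Added example: triage devices against the CVE-2022-22292 criteria in the
# article (Samsung, Android 9-12, fixed at patch level February 2022).

FIXED_LEVEL=20220201   # assumption: "February 2022" expressed as 2022-02-01

# classify MANUFACTURER ANDROID_RELEASE SECURITY_PATCH
# prints one of: out-of-scope | patched | needs-update | unknown
classify() {
    maker=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    major=${2%%.*}            # "8.1.0" -> "8"
    patch=$3

    [ "$maker" = "samsung" ] || { echo out-of-scope; return 0; }

    case $major in
        ''|*[!0-9]*) echo unknown; return 0 ;;   # unreadable version
    esac
    # Outside the Android 9-12 range the article names.
    if [ "$major" -lt 9 ] || [ "$major" -gt 12 ]; then
        echo out-of-scope; return 0
    fi

    case $patch in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;             # missing or malformed date
    esac
    level=$(printf '%s' "$patch" | tr -d '-')    # 2022-02-01 -> 20220201
    if [ "$level" -ge "$FIXED_LEVEL" ]; then
        echo patched
    else
        echo needs-update
    fi
}

# Read the three properties from a USB-connected device (requires adb).
check_connected_device() {
    classify "$(adb shell getprop ro.product.manufacturer | tr -d '\r')" \
             "$(adb shell getprop ro.build.version.release | tr -d '\r')" \
             "$(adb shell getprop ro.build.version.security_patch | tr -d '\r')"
}

# Constructed sample inventory: manufacturer|release|patch level
while IFS='|' read -r m r p; do
    printf '%-8s Android %-6s %-11s -> %s\n' "$m" "$r" "$p" "$(classify "$m" "$r" "$p")"
done <<'EOF'
samsung|11|2021-12-01
samsung|12|2022-03-01
Samsung|8.1.0|2021-01-01
samsung|10|
EOF
```

An "unknown" result means the version or patch level could not be read and the device should be checked by hand under Settings.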