Rechercher dans ce blog

Wednesday, May 12, 2021

Urgent New Update Confirmed For Millions Of Samsung Galaxy Users - Forbes

doro.indah.link

Samsung has now confirmed that millions of Galaxy smartphones are affected by the critical Qualcomm vulnerability Check Point disclosed last week. “Samsung Android devices with Qualcomm chipset are affected by the vulnerability,” the tech giant warns, “the vulnerability may allow a malicious app to gain access to user information.”

But the warning comes with a twist—not all Samsung devices have been updated—for many there may not even be a fix available to install yet. “While a number of devices have already been patched starting in January of 2021,” it is only once the May 1 security update has been installed that “most” of its devices can be considered secure.

MORE FROM FORBESWhy You Should Avoid Google Chrome's New FLoC Tracking

This is the second time that Check Point has discovered a flaw in the Qualcomm hardware on Samsung and other leading smartphones. This particular issue is with the 5G chipset, and would allow malware infecting the Android OS to hide itself on the chip, preventing detection and protection.

According to Check Point, this would enable “an attacker using Android OS itself as an entry point to inject malicious and invisible code into phones, granting an attacker access to call history, SMS messages and audio of phone conversations.”

MORE FOR YOU

Because this chip communicates with the network carrier and the device OS, the vulnerability also allows an attacker to unlock the SIM and override network settings.

As ever with Android, the fact that Samsung has now confirmed an update doesn’t provide all affected users with a solution. Some devices in some locations may have the update now, others need to wait and keep checking. The fragmented ecosystem means that the timing of updates for specific regions, devices and even carriers varies. But “all users [should] ensure their devices are updated once the patch becomes available.”

Check Point warned as much last week, telling me “there is a long supply chain here: Qualcomm to phone vendors to consumers. That makes it really hard to fix such issues once found. It took us a really long iterartion with Qualcomm in order to address this issue. We’re talking about a minimum of one year until fixes arrive with consumers.”

MORE FROM FORBESHere's Why Signal's Strike At Facebook Should Concern You

Qualcomm confirmed to me that it issued a fix more than five months ago: “Qualcomm Technologies has already made fixes available to OEMs in December 2020, and we encourage end users to update their devices as patches become available.”

This is a real issue for Android users and a source of contention for those spending $1000 and more on a flagship device, only to be caught up in the vagaries of an inefficient update process that can see a vulnerability remain open to exploitation for significantly longer that should be the case.

No devices are immune from such problems. Apple prides itself on the security of its devices, but we have seen multiple “emergency” warnings this year for iPhone users to update devices as vulnerabilities have been disclosed and fixed. But that’s a simple process, whereby the fix is universally available quickly. Android needs to catch up.




May 12, 2021 at 04:30PM
https://ift.tt/3hlJtpE

Urgent New Update Confirmed For Millions Of Samsung Galaxy Users - Forbes

https://ift.tt/2O3clnm

No comments:

Post a Comment

Featured Post

Latest iPhone 13 Dummies Again Show New Diagonal Dual-Lens Camera Arrangement Coming to Standard Model - MacRumors

doro.indah.link More dummy models of the upcoming iPhone 13 have been shared online, this time by leaker DuanRui , indicating the new diag...

Popular Posts