Samsung confirmed several security vulnerabilities affecting Galaxy S8, S9, S10, S10e, S10 Plus, S10 5G, Note 9, Note 10 and Note 10 Plus users this week. There is a very serious vulnerability and three vulnerabilities rated as “high risk.” All in all, it involves 21 security vulnerabilities, 17 of which are related to Samsung’s One user interface and 4 to Android. Here are the things you need to know and what you need to do now.
Let’s take a look at the Android vulnerability first.
You can see information about Google’s Android vulnerability in a report published by Kate O’Flaherty on the Forbes website. Patches that fix these vulnerabilities (including a very serious vulnerability) have been released to Android phone users since October 8. It is recommended to update as soon as possible.
Samsung Galaxy special security warning
Samsung’s latest Security Maintenance Release (SMR) is now available to all Galaxy device users. The October SMR includes security patches from Google that affect Galaxy 10 users and users of Samsung’s early devices. In addition, there are a number of vulnerabilities that affect Galaxy 8 and Galaxy 9 device users. Among these vulnerabilities, one Galaxy 9 vulnerability was rated as “very serious”: SVE-2019-15435. This has an impact on Galaxy S9 and Note 9, but the information about the technical features of the vulnerability is crude, as the information is retained before the security patch is released to protect the user. The sales of Galaxy 9 smartphones are about 30 million units, and the sales of Galaxy Note 9 devices are 10 million units, which means that 40 million Galaxy 9 and Galaxy Note 9 users need to pay attention to this warning.
What are the serious vulnerabilities of Galaxy 9 and Note 9?
How much do we know about SVE-2019-15435? In fact, we don’t know much. The only information released by Samsung is as follows: “The IMEI security mechanism needs to be enhanced to enhance protection and prevent IMEI from being manipulated.”
Some people think that this is related to a way to bypass the IMEI blacklist, which is designed to prevent stolen devices from being easily resold. Any vulnerability that can bypass this layer of protection will make the devices involved more attractive to criminals, who can make better profits by selling devices with “clean” IMEI numbers.
However, just like the history of Microsoft Windows update programs, Samsung’s update program is not always perfect, so you should update to the latest program as soon as possible. Postponing the installation of the latest update means your smartphone is still vulnerable to hackers. Once the vulnerability is disclosed, criminals will soon crack and launch an attack.