A simple hack that can reportedly temporarily brick “most” Samsung smartphones has appeared online.
The theoretical hack was reported by French security researcher Robert Baptisteon Monday (UK time). The researcher, who goes by the moniker @fs0c131y on Twitter, claimed to have successfully created a proof of concept attack targeting a flaw in Samsung phones Knox security service.
Related: Best Samsung phones
“In this Proof Of Concept (POC), I send these 2 intents every second. Moreover, after opening this app the [first] time, the app icon will disappear,” Baptisteon explained in a blog post.
“As a consequence, the device will be inoperable due to this local DoS. Every time the victim will open the SecureFolder app, the container will be locked and every time he will try to use his phone, the phone will come back directly to the first page of the launcher.”
There’s currently no evidence if the flaw is being actively targeted by hackers in the wild and at the time of publishing Samsung hadn’t responded to Trusted Reviews request for comment.
Even if it is being targeted, there is an easy fix. According to Baptisete all you have to reboot any afflicted device in safe mode. This is done by holding the volume down button during the reboot process. Any attack targeting it would also require you the user to install a malicious app, so it’s impact would be fairly limited on most consumers.
Related: Best Android phones
Knox is a security service designed for businesses that was rolled out on the Galaxy S4 many moons ago. It’s a secure container technology that lets businesses separate and secure business apps installed on work phones.
The service features on most of Samsung’s Android and Tizen devices. These include the company’s latest Galaxy S10, Galaxy S10 Plus and Galaxy S10e flagships as well as the mid-range Galaxy A80.
Security has been a constant concern on Android. This is largely because, unlike Apple’s iOS, Google’s OS is fairly fragmented. According to Google’s latest Android activation figures just 10.4 percent of all Android phones run the latest Pie version of the OS. This makes it difficult for the company to patch new vulnerabilities as it has to work with multiple different code bases.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
