The Indian Computer Emergency Response Team (CERT-In), the nation's primary agency addressing cybersecurity threats, has issued a high-risk security alert concerning four versions of Samsung phones. The advisory underscores the presence of multiple vulnerabilities in these versions, posing a potential risk of hackers circumventing security measures to access sensitive information.

The impacted software encompasses Samsung mobile Android versions 11, 12, 13, and 14. Devices affected by these vulnerabilities include the Galaxy S23 series, Galaxy Flip 5, Galaxy Fold 5, and other Samsung devices running Android versions 11, 12, 13, and 14.

CERT-In's advisory, released on Tuesday, sheds light on security issues with these Samsung phones, citing concerns such as improper access control in Knox features, problems in facial recognition software, and authorization issues in the AR Emoji app, among others.

The vulnerabilities identified could potentially enable hackers to initiate actions like "heap overflow and stack-based buffer overflow," according to the government agency. This could allow attackers to compromise the user's SIM PIN, broadcast unauthorized commands, access AR Emoji app data, and obtain various other sensitive information stored on the user's phone.

To address these security risks, CERT-In strongly recommends that users of Samsung phones with Android versions 11, 12, 13, and 14 apply the appropriate security updates, as outlined by the phone manufacturer in its advisory.

This week, CERT-In has also raised awareness of multiple vulnerabilities in popular browsers, including Google Chrome for desktop and Microsoft Edge (Chromium-based), as well as products from Schneider Electric and Microsoft. Specifically, CERT-In highlights security risks in Chrome versions preceding 120.0.6099.62 for Linux and Mac, and versions prior to 120.0.6099.62/.63 for Windows.

The comprehensive advisory reinforces the critical role of CERT-In in addressing cybersecurity challenges, with over 1.39 lakh cybersecurity incidents tackled in 2022. This alarming figure underscores the magnitude of cyber threats faced by the country, ranging from malware and phishing attacks to distributed denial of service, ransomware attacks, and data breaches.

The potential consequences of neglecting this advisory are outlined by CERT-In, illustrating the various vulnerabilities that users may be exposed to:

Theft of the phone's secret code (SIM PIN)

Broadcasting loud commands to the phone with elevated privilege

Unauthorized access to private AR Emoji files

Tampering with the clock on the castle gate (Knox Guard lock)

Unauthorized access to the phone's files (access arbitrary files)

Theft of sensitive information

Remote control of the phone, executing arbitrary code

Complete takeover of the phone, compromising the targeted system

To ensure the safety of Samsung Galaxy phone users against potential hacking attempts, Samsung has issued comprehensive instructions. Following these guidelines is crucial for users to safeguard their devices effectively.