
Your Samsung Galaxy smartphone is at risk of huge malware threat

Have you received Samsung’s May 2020 security update? If your answer to this is yes, then you may heave a sigh of relief.

A vulnerability affecting Samsung Galaxy smartphones made from late 2014 onward has been given a perfect 10 risk rating under the Common Vulnerability Scoring System (CVSS), which measures the severity of security vulnerabilities in software.

Samsung Galaxy smartphones receive a perfect 10 risk rating

Sound alarming? Fret not. Samsung has worked with the Google researchers who uncovered this vulnerability and has packaged a sure fix for it in its May 2020 security patch. If you have yet to receive the patch, cross your fingers and send a prayer to the smartphone gods that you get it soon.

The vulnerability lies in Samsung’s handling of the Qmage (.qmg) image format, which the Android graphics library, Skia, processes during tasks such as the creation of thumbnail images. Even if the user is careful not to interact with suspicious files, programs, or links, there’s still a high chance of exploitation.

Tracked as CVE-2020-8899, the vulnerability is described as "an unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to arbitrary remote code execution (RCE) without any user interaction."

While we will not get into the nitty-gritty, you should know that arbitrary remote code execution (RCE), or simply malware, means cybercriminals can possibly take over your smartphone. Game over. Samsung’s security patch, which rolled out just recently, is said to add the proper validation to prevent memory overwrite.
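What "proper validation to prevent memory overwrite" looks like in an image decoder, as an added example that is not from the original article and is not Samsung's patch or the Quram codec. The run-length toy format, `toy_decode` and `MAX_DIM` are assumptions made for illustration; the point is that every length read from the file is checked before it sizes or indexes the heap buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_DIM 4096u /* assumed upper bound on width and height */
/* Toy format (constructed for this example, NOT Qmage): width and height as
 * 16-bit little-endian values, then (count, value) run-length pairs.
 * Returns a malloc'd width*height buffer, or NULL if the input is malformed. */
uint8_t *toy_decode(const uint8_t *in, size_t in_len, size_t *out_len)
{
    if (in == NULL || out_len == NULL || in_len < 4)
        return NULL;
    uint32_t w = (uint32_t)in[0] | ((uint32_t)in[1] << 8);
    uint32_t h = (uint32_t)in[2] | ((uint32_t)in[3] << 8);
    /* Check 1: bound the dimensions before they size the heap allocation. */
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM)
        return NULL;
    size_t total = (size_t)w * h; /* at most 4096 * 4096, cannot wrap */
    uint8_t *out = malloc(total);
    if (out == NULL)
        return NULL;
    size_t pos = 0;
    for (size_t i = 4; i + 1 < in_len && pos < total; i += 2) {
        size_t run = in[i];
        /* Check 2: a run must fit the space left, else memset overruns the heap buffer. */
        if (run == 0 || run > total - pos)
            break;
        memset(out + pos, in[i + 1], run);
        pos += run;
    }
    /* Check 3: only an exactly filled image is returned to the caller. */
    if (pos != total) {
        free(out);
        return NULL;
    }
    *out_len = total;
    return out;
}

int main(void)
{
    /* Constructed sample: a 2x2 image whose only run claims 255 pixels. */
    const uint8_t bad[] = {2, 0, 2, 0, 255, 0x41};
    size_t n = 0;
    uint8_t *px = toy_decode(bad, sizeof bad, &n);
    puts(px ? "decoded" : "rejected: run exceeds image size");
    free(px);
    return 0;
}
```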

While waiting for the update, there are ways to buffer any attack should the vulnerability be exploited:

1. Users are advised to switch to a messaging app other than the Samsung default
2. Disable automatic MMS parsing 

What do you guys think?

Source: Forbes