Samsung has this week confirmed security vulnerabilities that affect Galaxy S8, S9, S10, S10e, S10 Plus, S10 5G, Note 9, Note 10 and Note 10 Plus users. Amongst these is a critical vulnerability and three that are rated as “high.” In all, there are some 21 security issues covered; 17 related to Samsung’s “One” user interface and four concerning Android. Here’s what you need to know and what you need to do now.
According to Samsung, the most vulnerability addressed in the update is one that could allow savvy hackers to manipulate the IMEI of a handset if not blocked off. The patches to fix these, including a critical rated vulnerability, started rolling out to Google phone users on October 8, and the advice is to update as soon as possible.
The latest Samsung security maintenance release (SMR) has also now started to roll out to users of Galaxy devices across the product range. The October SMR includes patches from Google, which affect Galaxy 10 users as well as those with earlier devices from Samsung. There are also a whole bunch of vulnerabilities that specifically impact Galaxy 8 and Galaxy 9 device users.
Amongst these, there is a Galaxy 9 vulnerability that is rated as being critical: SVE-2019-15435. This affects both the Galaxy S9 and Note 9, although details are sketchy as to the exact technical nature of the vulnerability as it has been “privately disclosed” to protect users until patches are installed. With around 30 million Galaxy 9 smartphones sold, and another 10 million Galaxy Note 9 devices, that’s a potential 40 million users who need to take notice of this warning.
“Enhancement in IMEI security mechanism is required for improved protection against potential IMEI manipulation.” It has been suggested this relates to a method of circumventing the IMEI blacklist which prevents stolen devices from being easily resold. Anything that gets around this kind of protection makes the devices involved more attractive to criminals who could get a better profit by selling them on with a “clean” IMEI number.