close

Samsung Mobile Security
Cookie Policy

Updated on May 25, 2021

This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.

It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer
Samsung Electronics (UK) Limited
Samsung House, 1000 Hillswood Drive, Chertsey, Surrey KT16 0PS

Cookies

Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.

We use the following types of cookies on this website:

Essential Cookies: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided.

Cookie Domain Purpose
JSESSIONID security.samsungmobile.com to keep login session
lastActivityTime security.samsungmobile.com to save the user's last activity time to automatically logout after 30 minutes of inactivity

Managing Cookies and Other Technologies

You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at http://www.allaboutcookies.org.

Go straight to the menu Go straight to the text

Security Post

Notification on vulnerabilities in Samsung Preloaded Apps

On 16 Jun 2021 by Samsung Mobile Security

Overview

Researchers at Oversecured discovered and reported 17 vulnerabilities ranging from Moderate to High in Samsung developed apps that are preloaded on Samsung devices. Assuming an attacker-controlled malicious app is installed on the device, these vulnerabilities could allow the attacker to install apps and exfiltrate data such as photos, videos, call logs, contacts, and SMS/MMS through installing a piece of malware on the device and then exploiting vulnerabilities to use their pre-granted privileges. These attacks are, however, not currently remotely executable and there have been no knownreported issues globally so that users should be assured that their sensitiveinformation was not at risk.

These vulnerabilities affect all Samsung Android devices running Android 8.1 and higher.

Samsung immediately patched the vulnerabilities since April of 2021 and devices with an Android Security Patch Level of June 1, 2021 or later will be considered protected from the disclosed 16 vulnerabilities. And one remaining vulnerability related to Messages (SVE-2021-20903) is expected to be addressed via July Security Update with an Android Security Patch Level of July 1, 2021.

As these vulnerabilities require an attacker-controlled malicious app to be installed on the device in order to initiate an attack, Samsung strongly encourages users to alwaysdownload apps from authorized market stores including Galaxy Apps and GooglePlay store. Users should also make sure to verify the source when downloading apps outside ofauthorized market store, and refrain from installing unknown apps.

CVE/SVE

  • SVE-2021-20733 (CVE-2021-25356)
  • SVE-2021-20636 (CVE-2021-25388)
  • SVE-2021-20500 (CVE-2021-25391)
  • SVE-2021-20731 (CVE-2021-25393)
  • SVE-2021-20690 (CVE-2021-25392)
  • SVE-2021-20716 (CVE-2021-25397)
  • SVE-2021-20724 (CVE-2021-25390)
  • SVE-2021-20877 (CVE-2021-25413)
  • SVE-2021-20879 (CVE-2021-25414)
  • SVE-2021-20702 (CVE-2021-25410)
  • SVE-2021-20601 (CVE-2021-25379)
  • SVE-2021-20637 (CVE-2021-25377)
  • SVE-2021-20542 (CVE-2021-25404)
  • SVE-2021-20612 (CVE-2021-25401)
  • SVE-2021-20631 (CVE-2021-25400)
  • SVE-2021-20722 (CVE-2021-25440)
  • SVE-2021-20903 (CVE-2021-25426)

Notification on Wi-Fi Fragment & Forge (FragAttack) vulnerabilities

On 12 May 2021 by Samsung Mobile Security

Overview

A security researcher at New York University AbuDhabi, found several vulnerabilities (a.k.a. Fragment & Forge or FragAttack) in Wi-Fi components affecting a large number of devices with Wi-Fi connectivity. These vulnerabilities could possibly allow an attacker within physical proximity to inspect data traffic protected by the Wi-Fi network, inject their own data packets into a data stream, and cause some denial of service (DoS) attacks to other connected devices.

This vulnerability affects various Wi-Fi enabled devices (e.g. PC, wearables, appliances, routers) including all Samsung devices running Android 8.0 and higher.

Samsung has worked with affected chipset vendor partners to provide patches for affected Samsung devices, starting in March of this year. Devices with an Android Security Patch Level of April 1, 2021 or later will be considered protected from these vulnerabilities. Samsung encourages all users to ensure their devices are updated once the patch becomes available for the devices.

CVE/SVE

  • SVE-2021-20775
  • CVE-2020-24586
  • CVE-2020-24587
  • CVE-2020-24588
  • CVE-2020-26139
  • CVE-2020-26140
  • CVE-2020-26141
  • CVE-2020-26142
  • CVE-2020-26143
  • CVE-2020-26144
  • CVE-2020-26145
  • CVE-2020-26146
  • CVE-2020-26147
  • CVE-2020-11264
  • CVE-2020-11301

Notification on modem vulnerability in Qualcomm chipsets

On 07 May 2021 by Samsung Mobile Security

Overview

Security researchers at Check Point have reported a vulnerability within Qualcomm’s modem chipsets affecting select Samsung devices. The vulnerability disclosed by Check Point may allow a malicious app to gain access to device user information.

Samsung Android devices with Qualcomm chipset are affected by the vulnerability disclosed by Check Point, and Samsung has been releasing patches for affected select Samsung devices since January of 2021.

While a number of Samsung devices have already been patched starting in January of 2021, most Samsung devices with an Android Security Patch Level of May 1, 2021 or later, will be considered protected from the disclosed vulnerability. Samsung encourages all users to ensure their devices are updated once the patch becomes available for the devices.

CVE/SVE

  • CVE-2020-11292