close

Samsung Mobile Security and Cookies

Our site uses essential cookies only. You can read our Privacy Policy and Cookie Policy for more information.

close

Samsung Mobile Security
Cookie Policy

Updated on Jan 17, 2022

This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.

It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer
Samsung Electronics (UK) Limited
Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS

Cookies

Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.

We use the following types of cookies on this website:

Essential Cookies: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided.

Cookie Domain Purpose
JSESSIONID security.samsungmobile.com to keep login session
lastActivityTime security.samsungmobile.com to save the user's last activity time to automatically logout after 30 minutes of inactivity

Managing Cookies and Other Technologies

You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at http://www.allaboutcookies.org.

Go straight to the menu Go straight to the text
Home>Security Post

Security Post

  • Advisory

    Notification on vulnerabilities in Samsung Preloaded Apps

    Samsung Mobile Security 16 Jun 2021

    Overview

    Researchers at Oversecured discovered and reported 17 vulnerabilities ranging from Moderate to High in Samsung developed apps that are preloaded on Samsung devices. Assuming an attacker-controlled malicious app is installed on the device, these vulnerabilities could allow the attacker to install apps and exfiltrate data such as photos, videos, call logs, contacts, and SMS/MMS through installing a piece of malware on the device and then exploiting vulnerabilities to use their pre-granted privileges. These attacks are, however, not currently remotely executable and there have been no knownreported issues globally so that users should be assured that their sensitiveinformation was not at risk.

    These vulnerabilities affect all Samsung Android devices running Android 8.1 and higher.

    Samsung immediately patched the vulnerabilities since April of 2021 and devices with an Android Security Patch Level of June 1, 2021 or later will be considered protected from the disclosed 16 vulnerabilities. And one remaining vulnerability related to Messages (SVE-2021-20903) is expected to be addressed via July Security Update with an Android Security Patch Level of July 1, 2021.

    As these vulnerabilities require an attacker-controlled malicious app to be installed on the device in order to initiate an attack, Samsung strongly encourages users to alwaysdownload apps from authorized market stores including Galaxy Apps and GooglePlay store. Users should also make sure to verify the source when downloading apps outside ofauthorized market store, and refrain from installing unknown apps.

    CVE/SVE

    • SVE-2021-20733 (CVE-2021-25356)
    • SVE-2021-20636 (CVE-2021-25388)
    • SVE-2021-20500 (CVE-2021-25391)
    • SVE-2021-20731 (CVE-2021-25393)
    • SVE-2021-20690 (CVE-2021-25392)
    • SVE-2021-20716 (CVE-2021-25397)
    • SVE-2021-20724 (CVE-2021-25390)
    • SVE-2021-20877 (CVE-2021-25413)
    • SVE-2021-20879 (CVE-2021-25414)
    • SVE-2021-20702 (CVE-2021-25410)
    • SVE-2021-20601 (CVE-2021-25379)
    • SVE-2021-20637 (CVE-2021-25377)
    • SVE-2021-20542 (CVE-2021-25404)
    • SVE-2021-20612 (CVE-2021-25401)
    • SVE-2021-20631 (CVE-2021-25400)
    • SVE-2021-20722 (CVE-2021-25440)
    • SVE-2021-20903 (CVE-2021-25426)
  • Advisory

    Notification on Wi-Fi Fragment & Forge (FragAttack) vulnerabilities

    Samsung Mobile Security 12 May 2021

    Overview

    A security researcher at New York University AbuDhabi, found several vulnerabilities (a.k.a. Fragment & Forge or FragAttack) in Wi-Fi components affecting a large number of devices with Wi-Fi connectivity. These vulnerabilities could possibly allow an attacker within physical proximity to inspect data traffic protected by the Wi-Fi network, inject their own data packets into a data stream, and cause some denial of service (DoS) attacks to other connected devices.

    This vulnerability affects various Wi-Fi enabled devices (e.g. PC, wearables, appliances, routers) including all Samsung devices running Android 8.0 and higher.

    Samsung has worked with affected chipset vendor partners to provide patches for affected Samsung devices, starting in March of this year. Devices with an Android Security Patch Level of April 1, 2021 or later will be considered protected from these vulnerabilities. Samsung encourages all users to ensure their devices are updated once the patch becomes available for the devices.

    CVE/SVE

    • SVE-2021-20775
    • CVE-2020-24586
    • CVE-2020-24587
    • CVE-2020-24588
    • CVE-2020-26139
    • CVE-2020-26140
    • CVE-2020-26141
    • CVE-2020-26142
    • CVE-2020-26143
    • CVE-2020-26144
    • CVE-2020-26145
    • CVE-2020-26146
    • CVE-2020-26147
    • CVE-2020-11264
    • CVE-2020-11301
  • Advisory

    Notification on modem vulnerability in Qualcomm chipsets

    Samsung Mobile Security 07 May 2021

    Overview

    Security researchers at Check Point have reported a vulnerability within Qualcomm’s modem chipsets affecting select Samsung devices. The vulnerability disclosed by Check Point may allow a malicious app to gain access to device user information.

    Samsung Android devices with Qualcomm chipset are affected by the vulnerability disclosed by Check Point, and Samsung has been releasing patches for affected select Samsung devices since January of 2021.

    While a number of Samsung devices have already been patched starting in January of 2021, most Samsung devices with an Android Security Patch Level of May 1, 2021 or later, will be considered protected from the disclosed vulnerability. Samsung encourages all users to ensure their devices are updated once the patch becomes available for the devices.

    CVE/SVE

    • CVE-2020-11292
  • Advisory

    Notification on NPU vulnerability by Project Zero

    Samsung Mobile Security 22 Dec 2020

    Overview

    Google Project Zero (GPZ) researcher, Ben Hawkes, discovered memory corruption vulnerabilities in a Samsung kernel driver - the NPU (Neural Processing Unit) driver. The NPU driver provides machine learning resources for the Camera AI model in recent Samsung devices. The discovered vulnerabilities in this driver
    include heap overflow, race condition and TOCTOU (Time of check, time of use) vulnerabilities that may cause an arbitrary memory write. This memory write may then be exploited by an attacker to possibly achieve arbitrary code execution.
     
    Samsung devices with certain Exynos chipsets running Android 9 and Android 10 are affected and the vulnerabilities disclosed by the researchers are already patched for all affected Samsung devices starting with the Nobember Security Maintenance Release (SMR).

    Samsung devices with an Android Security Patch Level of Nobember 1, 2020 or later, will be considered protected from the disclosed vulnerabilities. Samsung encourages all users to ensure their devices are updated once the patch becomes available for the devices.

    CVE/SVE

    • SVE-2020-18610
  • Advisory

    Notification on RPMB Vulnerability

    Samsung Mobile Security 03 Nov 2020

    Overview

    The PSIRT team of Western Digital (WD), discovered a vulnerability in RPMB (Replay Protection Memory Block) during independent research and evaluation. Given a situation where the kernel is compromised, an improper authentication of write operation vulnerability in RPMB protocol may allow an attacker to replay
    execution in certain conditions.

    Samsung Galaxy devices running Android 8, Android 9, and Android 10 are affected and the vulnerabilities disclosed by the researchers are already patched for all affected Samsung devices starting with the Nobember Security Maintenance Release (SMR).

    • Devices with Exynos chipsets and an Android Service Patch Level of November 01, 2020 or later will be considered patched against this vulnerability.
    • Devices with Mediatek chipsets and an Android Service Patch Level of January 01, 2021 or later will be considered patched against this vulnerability.
    • Devices with Qualcomm chipsets are not affected by this vulnerability.

    Samsung encourages all users to ensure their devices are updated once the patch becomes available for the devices.

    CVE/SVE

    • CVE-2020-13799
No Contents.
Archive