Germany’s Federal Office for Information Security (BSI) has announced in its latest report that security researchers have discovered a vulnerability in Samsung smartphones’ Android operating systems. The BSI has classified this as a category 4 risk. According to the report, all end devices available on the market since the end of 2014 are affected, including, for example, Galaxy S5 and Galaxy Note5 devices and all subsequent series.
Incoming MMS messages that have been manipulated with malicious code can hijack the standard messaging app used on Samsung devices (PackageName: com.samsung.android.messaging) which could mean that the attacker to launch the code and therefore access data.
For all customers who easily, quickly and affordably manage their devices using Samsung’s cloud-based Mobile Device Management solution (KnoxManage), there is an option to selectively disable incoming MMS messages on vulnerable devices.
At the same time, all vulnerable devices should be updated with the Samsung security patch made available in May. Information on Samsung’s patch updates can be found here. The Knox E-FOTA (Enterprise Firmware over the Air) solution available from the Samsung Knox portfolio is a central tool to manage updates for connected devices.
For all customers who currently use other MDM or UEM solutions (e.g. MobileIron, VMWare Workspace One, Microsoft Intune, etc.) we offer individual support options to update your existing environment.
The Bechtle Mobility Consultants are happy to answer any questions you may have.