Owners of popular Samsung Galaxy devices must make sure they have the very latest version of the Galaxy App Store installed on their phones even if they never use this online marketplace. That’s the latest warning from security experts who discovered a vulnerability within this application that could allow hackers to install software onto Samsung’s smartphones without the permission of the users.
This could clearly make it incredibly easy for cyber thieves to add software which could then be used to steal personal data such as user names and passwords.
The threat was discovered by the team at NCC Group who notified Samsung about the vulnerability late last year.
An update which fixes the glitch has since been pushed out by the Korean technology giant but it’s now vital that users check their phones and make sure everything is fully up to date.
“The Galaxy App Store is an alternative application store that comes pre-installed on Samsung Android devices,” NCC Group explained.
“It was found that the Galaxy App Store has an exported activity which does not handle incoming intents in a safe manner. This allows other applications installed on the same Samsung device to automatically install any application available on the Galaxy App Store without the user’s knowledge.”
READ MORE: UK broadband users urged to try simple Wi-Fi router trick to get free speed boost
The issue affects all phones running Android 12 and older – Android 13-powered devices appear to unaffected although it’s still wise to check for any security updates.
Advising users about the glitch and need to update, NCC Group added: “For Samsung devices running Android 12 or lower, Samsung has released an updated version of the Galaxy App Store (version 4.5.49.8). Users should open the Galaxy App Store on their phone, and if prompted, download and install the latest version.”
“This issue does not affect devices running Android 13. Users should still update their Galaxy App Store to the latest version to address potentially other issues.”
As well as fixing this app bug, the Galaxy App Store update also eradicates another problem that allowed hackers to add malicious hyperlinks which could then leave Galaxy users who clicked on them open to attack.
This security risk has also now been patched but only once the very latest version of the Galaxy App Store is downloaded.
Samsung has a big few weeks ahead with the company confirming that it will launch a new Android device on February 1. Although not confirmed, it seems almost certain that the launch will be all about the Galaxy S23 range which will replace the current S22 as the firm’s top-end flagship.
Major hints from the firm suggest this new breed of phones will feature improved photography and a much fast processor.
Express.co.uk will bring you full details live from next week’s even so watch this space.
