Smartphones can leave your organization open to vulnerabilities - Velox Systems



Smartphones can leave your organization open to vulnerabilities. Cybersecurity researchers have uncovered a critical vulnerability in the Monkey’s Audio (APE) decoder on Samsung smartphones. This potentially allows attackers to execute malicious code. This high-severity flaw affects Samsung devices running Android 12, 13, and 14, according to a December 2024 advisory from Samsung.

The danger this vulnerability brings

The vulnerability, an out-of-bounds write in the libsaped.so library, is particularly dangerous because it can be exploited without user interaction—a so-called zero-click attack. The risk is heightened for Galaxy S23 and S24 devices with Rich Communication Services (RCS) enabled in Google Messages, the default configuration. Here, the transcription service automatically decodes incoming audio messages locally, even before a user interacts with the message.

In a potential attack scenario, an adversary could send a specially crafted audio message via Google Messages to a targeted device with RCS enabled. This would cause the device's media codec process (samsung.software.media.c2) to crash, potentially opening the door to further exploitation.

The fix to this flaw

Samsung has since patched this vulnerability as part of its December 2024 security updates. The update also addresses another high-severity flaw (CVE-2024-49413) in the SmartSwitch app. This shortcoming previously allowed local attackers to install malicious applications by exploiting improper cryptographic signature verification.

How to bolster your team

Smartphones can leave your organization open to vulnerabilities. These shortcomings are often overlooked, even though the devices are frequently used for work outside the office. Keeping devices updated is crucial to staying ahead of evolving cybersecurity threats. Even so, mobile devices remain a common target for cyberattacks, so securing them is essential for maintaining strong cybersecurity practices. It’s equally important to have a well-educated team equipped with up-to-date knowledge of the ever-changing landscape of mobile threats.

At Velox, we’ve proudly served Oregon businesses for 14 years, bringing expertise in a range of security protocols to safeguard mobile devices—and the critical gateways to your organization—from cyber risks. Let’s chat about mobile device use in your organization, and how we can keep your organization secure wherever your on-the-go users are logging in.