Samsung has said it is rolling out a new feature for Galaxy smartphones and tablets that can protect against a new kind of cyber threat that allows attackers to hack your phone just by sending an image.
Attackers trigger zero-click exploits by sending a message containing an image. You don’t even need to interact with the message as you would if attackers were trying to make you click a phishing link or download malware — a zero-click attack works even if you aren’t actively handling your phone.
Zero-click attacks are designed to take advantage of unpatched vulnerabilities in applications that accept and process untrusted data, such as SMS and messaging services.
If it’s crafted in the right way, a zero-click attack can run malware or snoop on your smartphone without you even knowing. In many cases, the original image is coded to delete itself, so you don’t even know it was there — but in that time, hackers could have gained access to your usernames, passwords, and other sensitive personal data.
While zero-click attacks aren’t a common cybersecurity threat for now — with the attacks mainly restricted to being deployed by sophisticated spyware operations — the nature of cyber-criminal activity means it’s likely only a matter of time before these attacks become more widespread.
Now Samsung has said it will introduced Samsung Message Guard, a new security feature for Samsung Galaxy smartphones that aims to protect users. It uses sandboxing — a cybersecurity practice where code is run, observed, and analyzed in a safe environment that is isolated from the rest of the device — to quarantine files until they have been checked.
Samsung Message Guard is available for Samsung Galaxy S23 devices, and the company says it will be rolled out to other Samsung Galaxy smartphones and tablets later this year.
“Simply put, Samsung Message Guard automatically neutralizes any potential threat hiding in image files before they have a chance to do you any harm. It also runs silently and largely invisibly in the background and does not need to be activated by the user,” said a Samsung statement.
“So where previously you could be endangered without doing anything, now you are protected from zero-click exploits without lifting a finger,” the company added.
The security tool currently works on the SMS applications Samsung Messages and Messages by Google, but Samsung said the aim is to roll it out to third-party messaging applications in future.