Updated on October 30th with the latest information on the Samsung vs. iPhone head-to-head in global shipping and potential rebranding, both of which impact the safer premium mobile phone market. This article was originally published on October 29th.
Millions of Samsung Galaxy phones are currently at risk from a serious hardware vulnerability. This is the second such warning in recent weeks. The latest monthly security update fixes one of these threats, but the other is still a threat. The US government has told users to update their phones by Tuesday, October 29th. The bad news is this means it’s right before the renewal deadline. Yes, you need to update your phone, but no, you cannot update it at this time.
Both vulnerabilities have triggered active attack warnings. One from Google warned Galaxy users that CVE-2024-44068 was being targeted as “part of an exploit chain” along with other vulnerabilities. This is a “use-after-free” threat to Exynos processors, meaning that memory accesses are not shut down after processing, leaving behind latent pointers. This can be exploited by malicious code. It mainly affects older phones and was patched by Samsung in the October update.
The second alert comes from Qualcomm and affects a wide range of mobile devices, not just those made by Samsung. However, given Samsung’s position as the dominant OEM for Android, the impact on its installed base will be greatest. The problem is a similar free memory after-use vulnerability that is also being actively exploited.
Earlier this month, Qualcomm acknowledged “indications from the Google Threat Analysis Group that CVE-2024-43047 may be experiencing limited and targeted exploitation,” and a fix will be made available to device OEMs in September. I have confirmed that it has been done. It asks OEMs to deploy these patches “to released devices as soon as possible.”
CISA, the US cybersecurity agency, added CVE-2024-43047 to its catalog of known exploited vulnerabilities, stating that “Multiple Qualcomm chipsets have a Contains a use-after-free vulnerability due to memory corruption.” All federal employees are required to “apply remediation or mitigation as directed by the vendor” and “discontinue use of the product if remediation or mitigation is not available” by October 29.
Simply put, it means either update your phone or stop using it. There are no updates for Samsung phones yet. CVE-2024-43047 was not included in the October update for Android or Samsung, making it impossible to meet the deadline. The issue is widely expected to be fixed in Android’s November security update, but Samsung Galaxy users will likely have to wait another month.
Samsung told me it “takes security issues very seriously.” We are aware of reports of potential vulnerabilities in some of Qualcomm’s chipsets and have been working with Qualcomm to address this issue. We began rolling out security updates in October, but updates may continue to be released at later dates, depending on your network provider or model. We always recommend keeping your device up to date with the latest software updates. ”
However, it warns that “some patches we receive from chipset vendors may not be included in this month’s security update package.” These will be included in future security update packages once patches are ready for distribution. ”
That leaves owners of recent Samsung models, such as some Galaxy S23 devices, in the impossible position of missing update deadlines. As we said before, check out the November update as soon as it’s released. Until then, this vulnerability remains a risk.
The good news for Samsung users may be the return of the One UI 7 beta, which finally brings Android 15 to Galaxy smartphones, much later than expected. sam mobile reported that although the company did not reveal the beta version at a recent U.S. developer conference, “it appears that the beta program may be unveiled at the SDC 2024 event in South Korea in November.” . Nothing has been confirmed yet, but it will cause a lot of excitement as Android’s biggest OEM gets its biggest security update yet. Anti-theft, live threat detection, and private spaces could be coming soon.
Meanwhile, meeting CISA deadlines may not be the only impossible task on Samsung’s immediate to-do list. The latest statistics on global smartphone shipments have bad news for Android OEMs. The company is competing with Apple in the premium segment. Google’s Pixel is also eating away at some of the Android market share with its expensive products and cheaper Chinese products. Players coming from behind with cheaper units that offer much of the same technology.
of financial times “The crisis for South Korea’s largest company is deepening as Samsung Electronics struggles to maintain its position as the world’s best-selling smartphone maker.” IDC released the latest information on third quarter smartphone shipments, showing Samsung’s decline of 3% year-on-year, from 21% to 18%. “Analysts estimate that the smartphone division’s operating profit has fallen by as much as 30% over the same period.” F.T. I will report.
Of course, the most important thing is the iPhone. This is why Korean media is reporting that “Samsung is considering segmenting the Galaxy smartphone brand, which consists of various lineups.” The idea is that the Galaxy brand will be limited to premium flagship devices that come with the iPhone, rather than lower-priced models.
This could impact security as well as AI, which are two defining drivers of the premium segment. Devices are now expected to be supported (meaning security updates) for 6-7 years as standard, so the cost and component implications are clear. The same is true for AI, where the push toward privacy-focused on-device processing drives up the cost of construction.
“Samsung Electronics has always been the leader in global smartphone shipments,” said a South Korean official. Today is“However, sales are gradually declining.Also, the premium lineup, which is important in terms of profitability, is lagging behind the iPhone.In particular, younger consumers are becoming more iPhone-oriented.”
As we reported earlier this week, this rift between Samsung and iPhone could well be exacerbated by AI. Apple’s private cloud computing provides a breakthrough level of cloud security and privacy for off-device AI processing. If this is an extension of the “what happens on the iPhone, stays on the iPhone” logic, then Samsung will need an answer. Can security and privacy be seen as differentiators in the higher end, premium Galaxy category? probably.