search icon
Close

What are you looking for?

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

0 click exploit protection

(Topic created on: 20-04-2025 05:09 PM)
615 Views
- Close original thread and solution
arianwen27
Black Belt 

‎20-04-2025 05:09 PM - last edited ‎20-04-2025 05:10 PM

Options
Heyo all. I wanted to write a little bit about a feature that most never know about but is always protecting your device. I believe it's only on the S series but some A series phones might have it too. It's deep within one ui and android so I'd class this as a device feature not a software feature.

So, what's this about? 
(There has been no reports of samsung devices ever being vulnerable, this started with iphones)

A while ago, the security community were shocked to find iphones that had malware running on them. After some analysis, it was found that a 0 click exploit existed. 
That meaning, someone could send a text to the phone, on receipt of that text, the malware runs and enters the device. No user input. (It was a special image, when the phone tried to display it, a bug triggered causing access)

This is very very bad. So bad, apple made a feature called "blast door". Any message sent to the device gets isolated and examined, then the user can view it. So if some special malware message is received, it won't infect the device.

Where does samsung come into this?

While samsung has had no known infections from this attack method (possibly due to knox). They decided it would be best to add extra protection in place just in case. They created message sandboxing. This contains every image received in a messaging app. So not just texts, WhatsApp, telegram and other apps too. 
Once the phone has examined the image and deemed it safe, it will be shown. If someone happens to send you an image that's bad, the phone detects and blocks it.

Originally, this was hidden away in developer settings. At the very bottom an option to disable it appeared. So most people never knew it was silently protecting their device. As of current, auto blocker being on prevents message sandboxing being disabled, ensuring people stay safe. It is always on by default on all supported devices. I believe it works on all knox phones but I can't check.

So while no Samsung device has been known to be infected, there's now a whole system in place to guard against malicious messages being sent to your device.

The extra protection the S series and knox offers compared to other android phones is just incredible. I really appreciate the effort put into the security on these devices.
24 REPLIES 24
Joeeye
Legend

‎20-04-2025 07:01 PM - last edited ‎20-04-2025 07:05 PM

Options
In response to Sonora
That's why companies employ hackers. It's their job to find exploits. You discovering and discussing about them won't change this happening. Nothing I haven't seen or known about for over 35 years. Curiosity is one thing, but the reality is, unless you are so inclined to be actively involved, get involved or work your way into something shady, there's literally about a 0.01% chance you'll ever be seriously affected by any of these exploits.

I'm not saying we should ignore security, but in over 16 years of Android, it's worth noting Google and Samsung have always kept the majority of users safe and secure with their devices, inspite of even slower security updates, historically.
0 Likes
arianwen27
Black Belt 

‎20-04-2025 07:02 PM

Options
In response to Sonora
Could you provide a link to that? I know there was a bug with one ui 7 and secure folder images but I wasn't aware of being able to directly access any image
0 Likes
Joeeye
Legend

‎20-04-2025 07:07 PM

Options
In response to arianwen27
Hence why Google tend to be patching them after the fact. It's not a surprise but more just an inquiry into ongoing software development.
Sonora
Maestro

‎20-04-2025 07:13 PM

Options
In response to arianwen27

Here you go https://youtu.be/BBIaZqQCx34?si=WalN_58FZy_2LyJT

0 Likes
arianwen27
Black Belt 

‎20-04-2025 07:18 PM - last edited ‎20-04-2025 07:20 PM

Options
In response to Sonora
Ah it's with work profiles. Makes sense. Secure folder uses the work profile system within android to operate. Though I will say, having auto blocker enabled with maximum restrictions prevents work profiles from being made.

That exploit will also not work if you encrypt your secure folder. Instead of closing or locking it, press the 3 dots and press encrypt. Thats actually fully locks the secure folder instead of just putting it behind a lock screen.

So that exploit would need the owner to decrypt the secure folder, the device not be rebooted and auto blocker being off. If the owner never initially unlocked it or encrypted it after using it, nothing would appear
0 Likes
Sonora
Maestro

‎20-04-2025 07:27 PM - last edited ‎20-04-2025 07:28 PM

Options
In response to Joeeye

Yes, and when you click on the monthly update link at the very bottom of the page in the software version, you can read what both Samsung and Google have patched. And some YouTube channels describe these monthly updates in detail. 

Samsung is also full of holes, don't idealize it, even its first version of Nice Catch Good Lock's module was left in the Galaxy Store for months after Apkmirror raised the alarm when it discovered that the application was signed by others with Samsung keys. The compromised version of Nice Catch was still in the Galaxy Store for months, so Apkmirror and Sammobile put big warnings that the app is unsafe

0 Likes
Joeeye
Legend

‎20-04-2025 07:33 PM

Options
In response to Sonora
I'm not trying to. Software is software, it doesn't matter who makes it. Nothing is ever perfect and there'll typically always be ingenious ways to circumvent, exploit or bypass even the most seemingly secure.
0 Likes
Sonora
Maestro

‎20-04-2025 07:51 PM

Options
In response to Joeeye

Yes you do idealize it,  you and OP

You were bragging that it was Google Messages, not Samsung, and Samsung left Samsung Messages deep in the system and I can even tell it was using RAM.

And OP wrote this

(There has been no reports of samsung devices ever being vulnerable, this started with iphones).......AND THIS IS ABSOLUTELY ISN'T TRUE.

 

0 Likes
Joeeye
Legend

‎20-04-2025 08:04 PM - last edited ‎20-04-2025 08:07 PM

Options
In response to Sonora
Think you're overthinking things here. You posted a link regarding security exploits involving a Google app that targeted specifically to Samsung devices, I simply replied to note this.
0 Likes
nobodyspecialnow
Pioneer

3 weeks ago

Options
There are lots of exploits on iPhone & android phones, normally used by governments
Although they are normally targeted at ordinary people.
Interesting post though, it's not often hackers , north Korea often try theses attacks. Trouble is everything co.es from China, often the vulnerabilities are in the hardware backdoor so cannot be detected by software protection against viruses. Trouble is western countries want / demand backdoor access to phones. Normally this is done through hardware that simply cannot be picked up by antivirus programs. All phones are vulnerable to these attacks even iphones, I'm pretty sure there are many out there we don't know about as they are used by government security agency's they say iphones can't be hacked. Bet the CIA can hack any phone
0 Likes