search icon
Close

What are you looking for?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

0 click exploit protection

(Topic created on: 3 weeks ago)
264 Views
arianwen27
Big Cheese

3 weeks ago - last edited 3 weeks ago

Options
Heyo all. I wanted to write a little bit about a feature that most never know about but is always protecting your device. I believe it's only on the S series but some A series phones might have it too. It's deep within one ui and android so I'd class this as a device feature not a software feature.

So, what's this about? 
(There has been no reports of samsung devices ever being vulnerable, this started with iphones)

A while ago, the security community were shocked to find iphones that had malware running on them. After some analysis, it was found that a 0 click exploit existed. 
That meaning, someone could send a text to the phone, on receipt of that text, the malware runs and enters the device. No user input. (It was a special image, when the phone tried to display it, a bug triggered causing access)

This is very very bad. So bad, apple made a feature called "blast door". Any message sent to the device gets isolated and examined, then the user can view it. So if some special malware message is received, it won't infect the device.

Where does samsung come into this?

While samsung has had no known infections from this attack method (possibly due to knox). They decided it would be best to add extra protection in place just in case. They created message sandboxing. This contains every image received in a messaging app. So not just texts, WhatsApp, telegram and other apps too. 
Once the phone has examined the image and deemed it safe, it will be shown. If someone happens to send you an image that's bad, the phone detects and blocks it.

Originally, this was hidden away in developer settings. At the very bottom an option to disable it appeared. So most people never knew it was silently protecting their device. As of current, auto blocker being on prevents message sandboxing being disabled, ensuring people stay safe. It is always on by default on all supported devices. I believe it works on all knox phones but I can't check.

So while no Samsung device has been known to be infected, there's now a whole system in place to guard against malicious messages being sent to your device.

The extra protection the S series and knox offers compared to other android phones is just incredible. I really appreciate the effort put into the security on these devices.
18 REPLIES 18
JAMES4578
Samsung Members Star ★★

3 weeks ago

Options

A great post and a quite detailed account of the feature,  yes message sandboxing is very valuable. 😎

I do not work for Samsung or make Samsung Products but provide independent advice and valuable contributions.


ChrisB_
Moderator
Moderator

3 weeks ago

Options

Fantastically informative and well written post, @arianwen27. Just a heads up, I've moved it to the Mobile Apps & Services board, just because it's the most appropriate place. 

 

Sonora
Black Belt 

3 weeks ago - last edited 3 weeks ago

Options

Really? Than read this, This applies specifically to Samsung's S23 and S24 series. And Samsung (and Google)very slow release even month security patches 

https://thehackernews.com/2025/01/google-project-zero-researcher-uncovers.html?m=1

Google released very important April patch but we still no get it

0 Likes
arianwen27
Big Cheese

3 weeks ago - last edited 3 weeks ago

Options
In response to Sonora
Thats exactly the form of attack I'm on about, except 1 part. That uses voice messages where the phone tries to transcribe the audio, then gets infected.

Someone needs to have transcription enabled with rcs.

Second, the samsung and iphone protection is for images, not audio. Plus that attack hasn't been seen used by anyone yet.

So you're 100% right, thats a 0 click attack that samsung's protection system doesn't protect against. Seems they need to include audio in message sandboxing now
Joeeye
Legend

3 weeks ago

Options
In response to Sonora
It's interesting to note the exploit is a vulnerability from a Google application, specifically Google Messages.
0 Likes
Sonora
Black Belt 

3 weeks ago

Options
In response to Joeeye

Do you think Samsung is better? Why didn't they completely remove Samsung Messages from the S24 series, but left the application to whom, why, what for? And so they possibly opened a security hole, because look at this, I can disable access to everything except photos and videos.

20250420_194406.jpg

0 Likes
Sonora
Black Belt 

3 weeks ago

Options
In response to Joeeye

It also describes in  detail how to access photos in Secure Folder, if someone uses it. Without the owner's knowledge

0 Likes
arianwen27
Big Cheese

3 weeks ago

Options
In response to Sonora
That popup is because the app is considered a system app by android. Basically, it came preinstalled with the phone and samsung made it so you can't delete it. A side effect of this is android won't let you disable some permissions.
0 Likes
arianwen27
Big Cheese

3 weeks ago

Options
In response to Joeeye
The exploit is specifically the app trying to transcribe messages. So trying to convert the audio to text the human can read. Something in the convert to text chain there's a bug that seems to be exploitsble. So it's less of the messaging app, more of the extra features google added and are off by default