
Impossible deadline for Samsung: you have 24 hours to update your phone

Updated October 30 with an update on Samsung’s competition with the iPhone for global supply and a potential brand change that would impact a safer premium phone market. This article was originally published on October 29.

Millions of Samsung Galaxy phones are now at risk of a serious hardware vulnerability – the second such warning in as many weeks. And while the latest monthly security update addresses one of these threats, the other remains unpatched. The US government has advised users to update their phones by Tuesday, October 29th. The bad news is that the deadline has passed before the update is available. Yes, you need to update your phone, but no, you can’t right now.

Both vulnerabilities have triggered active attack alerts. One came from Google, which warned Galaxy users that CVE-2024-44068 was “part of an exploit chain” along with other vulnerabilities. This is a “use-after-free” flaw in Exynos processors, meaning that memory is released after processing but pointers to it remain and can still be used. This can be exploited by malicious code. It mainly affects older phones and was fixed by Samsung in the October update.

The second warning came from Qualcomm and affected a wide range of mobile devices, not only those from Samsung. But given Samsung’s position as the dominant Android OEM, the impact on its user base will be the greatest. The problem is the same kind of use-after-free memory vulnerability, and this has also led to active attacks.

Earlier this month, Qualcomm acknowledged “indications from Google’s threat intelligence team that CVE-2024-43047 may be subject to limited targeted exploitation,” confirming that patches were made available to device OEMs in September. It urges OEMs to deploy these fixes “to released devices” as soon as possible.

CISA, the US cybersecurity agency, has added CVE-2024-43047 to its Known Exploited Vulnerabilities catalog, warning that “several Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP services when storing HLOS memory cards.” All federal employees were instructed to “apply patches or mitigations in accordance with vendor instructions” by Oct. 29, “or discontinue use of the product if patches or mitigations are not available.”

In simple terms, this means updating your phone or ceasing to use it. There are no updates for Samsung phones yet. CVE-2024-43047 was not included in the October Android or Samsung updates, making it impossible to meet this deadline. The issue is expected to be fixed in the November Android security update, but there’s a good chance Samsung Galaxy users will have to wait another month.

Samsung told me that it “takes security very seriously. We are aware of a report of potential vulnerabilities in certain Qualcomm chipsets and are working with Qualcomm to resolve this issue. We began releasing security updates in October, but updates may continue to be released later depending on your network provider or model. We always encourage users to keep their devices updated with the latest software updates.”

At the same time, it warns: “Some fixes that will be received from chipset manufacturers may not be included in the month’s security update package. These will be included in upcoming security update packages as soon as the patches are ready for release.”

Thus, owners of Samsung models, such as some Galaxy S23 devices, find themselves in an impossible position: they simply cannot meet the update deadline. As I said earlier, be sure to check for the November update as soon as it’s released. Until then, the vulnerability remains a risk.

The good news for Samsung users could be the signs of life in the One UI 7 beta, which will finally bring Android 15 to Galaxy phones much later than expected. SamMobile reported that while the company did not reveal the beta at its recent US developer conference, “it appears that it may open the beta program at the SDC 2024 event in South Korea in November.” Nothing is confirmed yet, but it will create a huge stir as the largest Android OEM will receive its biggest security update yet. Theft protection, live threat detection, and Private Space may be introduced soon.

Meanwhile, meeting CISA deadlines may not be the only impossible task on Samsung’s immediate to-do list. There’s some bad news for Android OEMs in the latest global smartphone shipment statistics as the company battles Apple in the premium segment: Google Pixel is also taking some of its Android market share in the high-end segment, with low-cost Chinese players coming in behind, with cheaper units offering much of the same technology.

The Financial Times reports that “Samsung Electronics is struggling to retain its crown as the world’s top-selling smartphone maker, deepening a growing crisis at South Korea’s largest company.” IDC just released an update on smartphone shipments in the third quarter, showing Samsung sales down 3% year over year, from 21% to 18%. “Analysts estimate that the smartphone division’s operating profit fell as much as 30 percent over the same period,” the FT reports.

Of course, the most important competitor is the iPhone. That’s why Korean media reports suggest that “Samsung is overhauling its Galaxy smartphone brand across its various model lines.” The idea is that the Galaxy brand would be reserved for the premium flagship phones that compete with the iPhone, rather than cheaper models.

This could have implications for security as well as artificial intelligence, which have become two defining factors in the premium segment. Now that devices are expected to be supported (i.e., receive security updates) for six or seven years as standard, there are obvious cost and component implications. The same applies to artificial intelligence: the desire for the privacy of on-device processing increases build costs.

“Samsung Electronics has always led the world in smartphone shipments,” says Korea’s E Today. “But sales are gradually declining. In addition, it lags behind the iPhone in the premium line, which is important from a profitability point of view. In particular, there is a noticeable preference for the iPhone among younger consumers.”

As I reported earlier this week, this gap between Samsung and the iPhone may well get worse over artificial intelligence, as Apple’s Private Cloud Compute offers a revolutionary level of cloud security and privacy for off-device AI processing. If this becomes a logical extension of “what happens on your iPhone stays on your iPhone,” then Samsung will need an answer. Can we see security and privacy as hallmarks of the more exclusive premium Galaxy? Maybe.