With the launch of its latest flagship Galaxy smartphones, Samsung has introduced a new sandbox feature named Message Guard that is designed to protect devices against zero-click exploits.
It’s not uncommon for sophisticated threat actors to target users with exploits that can be triggered without any interaction from the victim.
As an example, Samsung described a scenario where a hacker sends the targeted user a specially crafted image file that automatically exploits a vulnerability — while the phone is locked in the user’s pocket — to give the attacker access to the victim’s messages, picture gallery and bank details.
Samsung has pointed out that Galaxy smartphones, through the Knox platform, are already protected against attacks involving video and audio file formats. The new Message Guard feature is designed to protect phones against threats disguised as image attachments.

“Samsung Message Guard is an advanced ‘sandbox,’ or a kind of virtual quarantine. When an image file arrives, it is trapped and isolated from the rest of the device,” Samsung explained. “This prevents malicious code from accessing your phone’s files or interacting with its operating system. Samsung Message Guard checks the file bit by bit and processes it in a controlled environment to ensure it cannot infect the rest of your device.”
Message Guard works with the Samsung Messages and Messages by Google applications, but support will be extended to other messaging apps in the future.
The new feature is currently available on Galaxy S23 smartphones, which Samsung launched on February 17, but the tech giant said it will be gradually rolled out to other Galaxy phones and tablets later this year. It will be available for devices running version 5.1 or higher of Samsung’s One UI user interface.
The company said Message Guard is active by default and it runs silently in the background.
In the past years, iOS and Android users were warned several times about attacks involving zero-day exploits that did not require any user interaction. Some of the Android attacks were specifically aimed at Samsung Galaxy phones.
In many cases, such attacks have been linked to known commercial spyware vendors whose services are used by state-sponsored threat actors.
Zero-click exploits targeting Android devices are worth a lot of money. Zerodium, a well-known exploit acquisition company, is currently offering up to $2.5 million for these types of exploits.
Related: Google Discloses Details of Zoom Zero-Click Remote Code Execution Exploit
Related: Apple Security Flaw: How do ‘Zero-Click’ Attacks Work?
Related: Google Says NSO Pegasus Zero-Click ‘Most Technically Sophisticated Exploit Ever Seen’

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
- New York Man Arrested for Running BreachForums Cybercrime Website
- Exploitation of Recent Fortinet Zero-Day Linked to Chinese Cyberspies
- Mozilla Patches High-Severity Vulnerabilities With Release of Firefox 111
- Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up
Latest News
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Oleria Scores $8M Seed Funding for ID Authentication Technology
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- News Analysis: UK Commits $3 Billion to Support National Quantum Strategy
- Malicious NuGet Packages Used to Target .NET Developers
- Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
