Security Experts:

Connect with us

Hi, what are you looking for?


Mobile & Wireless

New Samsung Message Guard Protects Mobile Devices Against Zero-Click Exploits

Samsung’s Message Guard provides a sandbox designed to protect phones and tablets against zero-click exploits.

With the launch of its latest flagship Galaxy smartphones, Samsung has introduced a new sandbox feature named Message Guard that is designed to protect devices against zero-click exploits.

It’s not uncommon for sophisticated threat actors to target users with exploits that can be triggered without any interaction from the victim. 

As an example, Samsung described a scenario where a hacker sends the targeted user a specially crafted image file that automatically exploits a vulnerability — while the phone is locked in the user’s pocket — to give the attacker access to the victim’s messages, picture gallery and bank details. 

Samsung has pointed out that Galaxy smartphones, through the Knox platform, are already protected against attacks involving video and audio file formats. The new Message Guard feature is designed to protect phones against threats disguised as image attachments. 

“Samsung Message Guard is an advanced ‘sandbox,’ or a kind of virtual quarantine. When an image file arrives, it is trapped and isolated from the rest of the device,” Samsung explained. “This prevents malicious code from accessing your phone’s files or interacting with its operating system. Samsung Message Guard checks the file bit by bit and processes it in a controlled environment to ensure it cannot infect the rest of your device.”

Message Guard works with the Samsung Messages and Messages by Google applications, but support will be extended to other messaging apps in the future. 

The new feature is currently available on Galaxy S23 smartphones, which Samsung launched on February 17, but the tech giant said it will be gradually rolled out to other Galaxy phones and tablets later this year. It will be available for devices running version 5.1 or higher of Samsung’s One UI user interface.

The company said Message Guard is active by default and it runs silently in the background. 

In the past years, iOS and Android users were warned several times about attacks involving zero-day exploits that did not require any user interaction. Some of the Android attacks were specifically aimed at Samsung Galaxy phones

In many cases, such attacks have been linked to known commercial spyware vendors whose services are used by state-sponsored threat actors. 

Zero-click exploits targeting Android devices are worth a lot of money. Zerodium, a well-known exploit acquisition company, is currently offering up to $2.5 million for these types of exploits. 

Related: Google Discloses Details of Zoom Zero-Click Remote Code Execution Exploit

Related: Apple Security Flaw: How do ‘Zero-Click’ Attacks Work?

Related: Google Says NSO Pegasus Zero-Click ‘Most Technically Sophisticated Exploit Ever Seen’

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...


Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam.