With the launch of its latest flagship Galaxy smartphones, Samsung has introduced a new sandbox feature named Message Guard that is designed to protect devices against zero-click exploits.
It’s not uncommon for sophisticated threat actors to target users with exploits that can be triggered without any interaction from the victim.
As an example, Samsung described a scenario where a hacker sends the targeted user a specially crafted image file that automatically exploits a vulnerability — while the phone is locked in the user’s pocket — to give the attacker access to the victim’s messages, picture gallery and bank details.
Samsung has pointed out that Galaxy smartphones, through the Knox platform, are already protected against attacks involving video and audio file formats. The new Message Guard feature is designed to protect phones against threats disguised as image attachments.
“Samsung Message Guard is an advanced ‘sandbox,’ or a kind of virtual quarantine. When an image file arrives, it is trapped and isolated from the rest of the device,” Samsung explained. “This prevents malicious code from accessing your phone’s files or interacting with its operating system. Samsung Message Guard checks the file bit by bit and processes it in a controlled environment to ensure it cannot infect the rest of your device.”
Message Guard works with the Samsung Messages and Messages by Google applications, but support will be extended to other messaging apps in the future.
The new feature is currently available on Galaxy S23 smartphones, which Samsung launched on February 17, but the tech giant said it will be gradually rolled out to other Galaxy phones and tablets later this year. It will be available for devices running version 5.1 or higher of Samsung’s One UI user interface.
The company said Message Guard is active by default and it runs silently in the background.
In the past years, iOS and Android users were warned several times about attacks involving zero-day exploits that did not require any user interaction. Some of the Android attacks were specifically aimed at Samsung Galaxy phones.
In many cases, such attacks have been linked to known commercial spyware vendors whose services are used by state-sponsored threat actors.
Zero-click exploits targeting Android devices are worth a lot of money. Zerodium, a well-known exploit acquisition company, is currently offering up to $2.5 million for these types of exploits.
Related: Google Discloses Details of Zoom Zero-Click Remote Code Execution Exploit
Related: Apple Security Flaw: How do ‘Zero-Click’ Attacks Work?
Related: Google Says NSO Pegasus Zero-Click ‘Most Technically Sophisticated Exploit Ever Seen’