Samsung have introduced a new tool called Message Guard which includes safeguards designed to shield users from Malware and spyware originating in zero-click style attacks.
The feature is accessible on Samsung and Google Messages and although currently only available on the newly-released Samsung S23 range, there are plans to roll it out across other Galaxy smartphones and tablets operating on One UI 5.1 or above and potentially some third-party messaging applications.
Zero-click attacks are sophisticated attacks that do not require user interaction to initiate the execution of malicious code. They bypass the need for social engineering and provide a threat actor with an entry point to the compromised device.
Zero-Click attacks usually aim to exploit vulnerabilities in applications that handle untrusted data, such as SMS, or email apps. Therefore, if there is a vulnerability in the method that an application uses to process incoming data, a threat actor could leverage this by creating a malicious image that, when sent to a user’s device, automatically triggers the execution of the embedded malicious code.
Furthermore, the image could be coded to delete itself once the exploitation has been carried out and the sensitive data (password, usernames etc) has been extracted.
Samsung's Message Guard is compatible with several image formats, PNG, JPG/JPEG, GIF, ICO, WEBP, BMP and WBMP and serves as a sandbox to isolate images received from the device's operating system whilst the tool analyses it for threats.
The functionality is similar to Apple's iMessage feature called BlastDoor, which the vendor introduced in iOS 14 to counter zero-click attacks through their messaging application.
In addition, Apple also launched an optional security feature called Lockdown Mode, which strengthens the security of iPhones and iPads with aims to protect against “extremely rare and highly sophisticated attacks”.
Samsung’s new tool and those employed by Apple indicate the intent which tech companies are now implementing to prevent cyber-attacks on their users.
Organisations could look to consider upgrading the devices used by personnel to further improve their cyber defensive stance.
With mention of the rollout to other galaxy smart devices and third-party messaging applications, it may be possible to have the feature available to the messaging applications used across organisational mobile infrastructure in the future.
Reporting
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).