top of page

Zero-Click Malware eliminated in new Samsung tool

Samsung have introduced a new tool called Message Guard which includes safeguards designed to shield users from Malware and spyware originating in zero-click style attacks.

The feature is accessible on Samsung and Google Messages and although currently only available on the newly-released Samsung S23 range, there are plans to roll it out across other Galaxy smartphones and tablets operating on One UI 5.1 or above and potentially some third-party messaging applications.

Zero-click attacks are sophisticated attacks that do not require user interaction to initiate the execution of malicious code. They bypass the need for social engineering and provide a threat actor with an entry point to the compromised device.

Zero-Click attacks usually aim to exploit vulnerabilities in applications that handle untrusted data, such as SMS, or email apps. Therefore, if there is a vulnerability in the method that an application uses to process incoming data, a threat actor could leverage this by creating a malicious image that, when sent to a user’s device, automatically triggers the execution of the embedded malicious code.

Furthermore, the image could be coded to delete itself once the exploitation has been carried out and the sensitive data (password, usernames etc) has been extracted.

Samsung's Message Guard is compatible with several image formats, PNG, JPG/JPEG, GIF, ICO, WEBP, BMP and WBMP and serves as a sandbox to isolate images received from the device's operating system whilst the tool analyses it for threats.

The functionality is similar to Apple's iMessage feature called BlastDoor, which the vendor introduced in iOS 14 to counter zero-click attacks through their messaging application.

In addition, Apple also launched an optional security feature called Lockdown Mode, which strengthens the security of iPhones and iPads with aims to protect against “extremely rare and highly sophisticated attacks”.

Samsung’s new tool and those employed by Apple indicate the intent which tech companies are now implementing to prevent cyber-attacks on their users.

Organisations could look to consider upgrading the devices used by personnel to further improve their cyber defensive stance.

With mention of the rollout to other galaxy smart devices and third-party messaging applications, it may be possible to have the feature available to the messaging applications used across organisational mobile infrastructure in the future.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page