“Message Guard,” a protective feature preventing Samsung users from falling victim to malware and spyware resulting from zero-click attacks, was recently launched by the organization to operate fully on the Samsung Galaxy S23 series with active expansion plans to ensure the availability of the same feature on all other Galaxy smartphones and tablets running on One UI 5.1 or higher within one year.
According to Samsung, this security feature will counter vulnerability resulting from users falling victim to invisible threats in image attachments. The development became a countermeasure against treat actors’ transition from using a zero-day to a zero-click attack that allows the automatic execution of malicious code without users’ permission or interaction.
Zero-click attacks exploit the vulnerability of everyday applications such as SMS and email applications. It is considered more dangerous than the conventional phishing attack because using such applications is almost inevitable. An existing vulnerability in such an application could provide an entry point to a threat actor who is skilled enough to craft a malicious image for the direct execution of codes through an app with shortcomings in the method of interpreting incoming data.
Due to zero interactions between users and the malicious program during execution, the attack often leaves no trace of suspicious activity. It implies that a threat actor could access a victim’s device for a long time, actively stealing sensitive information without notice.
The “Message Guard” is designed to work against most available image formats, including GIF, WEBP, and WBMP, that could contain malicious executable programs by putting them in quarantine. According to Samsung, the new security isolates infected images from the remaining part of the device OS. Verifying the file’s authenticity is completely done in a controlled environment free from interaction with everything else on the device.