Samsung announced a new function called Message Guard, which provides users protection from the malicious actions of attackers using the so-called “Zero-Click” attacks.
South Korean conglomerate stated This solution “preventively” protects user devices, “limiting the effects of invisible threats disguised as images”.
The function available in the Samsung Messages and Google Messages messengers is currently limited by the Samsung Galaxy S23 smartphone series. But this year the company plans to extend the function to other Galaxy smartphones and tablets operating on One UI 5.1 or higher.
zero-click attacks are targeted and complex attacks that previously unknown vulnerabilities (for example, zero day) in order to perform harmful code without any interaction with the user.
Such attacks differ from the traditional methods of remote use of the device in which attackers use phishing tactics to force the user to cross the malicious link or launch a malicious file. Zero-Click attacks completely bypass the need for social engineering and provide the attacker with the entry point without interaction with the user.
Most Zero-Click Explotes are designed to use vulnerabilities in applications and services for the exchange of SMS messages or emails. The thing is that such services or applications are forced to process unreliable data. And if there is a valid vulnerability of scammers, nothing can stop anything.
As a result, if there is a vulnerability associated with the interpretation of incoming data in the application security system, an attacker can use it to create a malicious image that automatically performs the code built into it when sent to the target device.