Samsung adds Message Guard protection against zero-click exploits

Samsung has announced the introduction of Message Guard for the Samsung Galaxy S23 series. It will be gradually rolled out to other Galaxy smartphones and tablets later this year.

Message Guard works on images received in messages by the apps “Samsung Messages” and “Messages by Google” and basically acts like a sandbox.

A sandbox in computing is a virtual habitat designed to provide a secluded environment to screen certain files or programs without giving any malware a chance to spread outside of the sandbox across the rest of the “playground”.

Samsung’s Message Guard is a sandbox that aims to protect your device by limiting exposure to invisible threats disguised as image attachments that arrive in messages received by Samsung Messages and Messages by Google. The plan is to release a software update at a later date to let Samsung Message Guard protect you across third party messaging apps as well.

How it works

When an image file arrives as an attachment to a message, the file is put in the sandbox and inspected. The file is processed inside the controlled environment of the sandbox to establish that it will not pose a threat to the device if it is released outside of the sandbox. This prevents malicious code from running amok or accessing your files. It does this silently in the background so the user doesn’t have to do anything and might not even notice it’s there.

Samsung Message Guard covers the following image formats: PNG, JPG/JPEG, GIF, ICO, WEBP, BMP, and WBMP.

Zero-click

Zero-click malware is defined as malware that does not require any user action or input to infect a device or system. Zero-click exploits are files that hide malicious code which do not require user interaction to be executed.

Zero-click exploits typically depend on vulnerabilities in software running on the device, such as the messaging app or the software on the device that renders the image. Such a vulnerability could be used by an attacker to craft a malicious image that automatically executes the malicious code embedded within it.

Samsung Knox already protects against such attachments in audio and video form, behind the scenes. With Message Guard, Samsung says Galaxy users will be protected against exploits in image form too.

Needed?

Samsung states in the announcement that there has been no sign of such attacks on Samsung Galaxy smartphones, but it wants to anticipate potential threats and develop preemptive security measures. This is by no means far-fetched if you look at the methods that Pegasus used against iMessage, although those are highly targeted attacks on people in high-level roles.

Would you like us to list the reasons why we think this is not something we’ve been waiting for? OK then, here goes:

  • The Android Operating System is already based on sandboxing, so we don’t see how this is adding any extra protection.
  • There is no indication that this type of protection has been or ever will be needed.
  • At best it will be providing a false sense of security because it says it offers protection (against a non-existent threat).
  • At worst it will stop people from installing actual protection against threats that actually exist, because they think they already are under maximum protection.

Have a burning question or want to learn more about our cyberprotection? Get a free business trial below.

GET STARTED

https://blog.malwarebytes.com/feed/