CVE-2024-49403

4.6 MEDIUM

📋 TL;DR

This vulnerability allows physical attackers to access voice recording files from Samsung Voice Recorder while the device is on the lock screen. It affects Samsung mobile device users who haven't updated their Voice Recorder app to the patched version. The issue stems from improper access control that fails to properly restrict file access when the device is locked.

💻 Affected Systems

Products:
  • Samsung Voice Recorder
Versions: Prior to 21.5.40.37
Operating Systems: Android (Samsung devices)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Samsung devices with the vulnerable Voice Recorder app version. Requires physical access to the locked device.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Physical attackers could access sensitive voice recordings containing confidential information, personal conversations, or business discussions while the device is locked.

🟠 Likely Case

Someone with brief physical access to a locked device could browse and potentially copy voice recordings without authentication.

🟢 If Mitigated

With proper controls, recordings remain protected behind authentication even when the device is locked.

🌐 Internet-Facing: LOW - This requires physical access to the device, not network access.
🏢 Internal Only: MEDIUM - Physical access threats exist in environments where devices may be left unattended or shared.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires physical access to the device while it's locked. No special tools or technical skills needed beyond basic device navigation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 21.5.40.37 and later

Vendor Advisory: https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=11

Restart Required: No

Instructions:

1. Open Galaxy Store or Google Play Store on your Samsung device.
2. Search for 'Samsung Voice Recorder'.
3. If an update is available, tap 'Update'.
4. Alternatively, enable automatic updates in your app store settings.

🔧 Temporary Workarounds

Disable Voice Recorder from Lock Screen

Remove Voice Recorder from lock screen shortcuts or disable lock screen access to the app

Use Secure Folder for Sensitive Recordings

Store sensitive recordings in Samsung's Secure Folder which requires separate authentication

🧯 If You Can't Patch

  • Enable strong lock screen security (PIN, password, or biometrics) to reduce physical access opportunities
  • Avoid leaving devices unattended in public or shared spaces

🔍 How to Verify

Check if Vulnerable:

1. Open Samsung Voice Recorder app.
2. Go to Settings > About.
3. Check if version is below 21.5.40.37.

Check Version:

No CLI command - check via app Settings > About on device

Verify Fix Applied:

1. Update app via Galaxy Store/Play Store.
2. Verify version is 21.5.40.37 or higher in Settings > About.
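
For checking many devices at once, the same version comparison can be run over an app inventory export. This is an added example, not part of the vendor advisory or this page's source; the CSV layout, column names and device IDs are constructed assumptions.

```python
import csv
import io

PATCHED = (21, 5, 40, 37)  # first fixed Voice Recorder version, per this page
APP_NAME = "Samsung Voice Recorder"

# Constructed sample of an app-inventory export; column names are assumptions.
SAMPLE_EXPORT = """device_id,app_name,version_name
dev-001,Samsung Voice Recorder,21.5.40.37
dev-002,Samsung Voice Recorder,21.5.30.12
dev-003,Samsung Voice Recorder,21.5.40
dev-004,Samsung Voice Recorder,unknown
dev-005,Samsung Notes,4.4.21.62
dev-006,Samsung Voice Recorder,21.6.0.5
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted numeric version."""
    parts = text.strip().split(".")
    if len(parts) > 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # pad short versions with zeros

def classify(version_name):
    """Compare component by component so that 21.5.40.4 sorts below 21.5.40.37."""
    version = parse_version(version_name)
    if version is None:
        return "unknown"  # needs a manual check in Settings > About
    return "vulnerable" if version < PATCHED else "patched"

def audit(export_text):
    """Map device_id -> status for every row that lists the Voice Recorder app."""
    results = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["app_name"].strip() == APP_NAME:
            results[row["device_id"]] = classify(row["version_name"])
    return results

if __name__ == "__main__":
    for device, status in sorted(audit(SAMPLE_EXPORT).items()):
        print(f"{device}: {status}")
```

Devices reported as "unknown" have a version string that could not be parsed and should be checked by hand using the steps above.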

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns to voice recording directories while device locked

Network Indicators:

  • Not applicable - local physical access vulnerability

SIEM Query:

Not applicable - no network exploitation vector
