CVE-2024-49405

5.3 MEDIUM

📋 TL;DR

This vulnerability in Samsung Pass allows physical attackers to bypass authentication and access sensitive information stored in the Private Info feature. It affects Samsung mobile device users with Samsung Pass versions before 4.4.04.7. The attack requires physical access to the device under specific conditions.

💻 Affected Systems

Products:
  • Samsung Pass
Versions: All versions prior to 4.4.04.7
Operating Systems: Android (Samsung devices)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Samsung Pass with the Private Info feature enabled. Samsung has not publicly disclosed the specific conditions under which the bypass works.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Physical attackers could access stored passwords, payment information, personal notes, and other sensitive data protected by Samsung Pass without authentication.

🟠 Likely Case: Someone with brief physical access to an unlocked or recently used device could view sensitive information that should require additional authentication.

🟢 If Mitigated: With proper device locking and physical security controls, the risk is significantly reduced, as the attack requires specific physical access conditions.

🌐 Internet-Facing: LOW - This is a local physical access vulnerability, not remotely exploitable.
🏢 Internal Only: MEDIUM - Physical device theft or unauthorized access could lead to information disclosure, but requires specific conditions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires physical access and specific conditions. Not remotely exploitable. Samsung has not disclosed exact exploitation details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.4.04.7 and later

Vendor Advisory: https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=11

Restart Required: No

Instructions:

1. Open the Samsung Pass app.
2. Check for updates in the app settings.
3. Update to version 4.4.04.7 or later.
4. Alternatively, update through the Galaxy Store or device system updates.

🔧 Temporary Workarounds

Disable Private Info feature (android): Temporarily disable the Private Info functionality in Samsung Pass until patched.

Enable strong device authentication (android): Use biometric authentication (fingerprint/face) and a strong PIN/password for device unlock.

🧯 If You Can't Patch

  • Disable Samsung Pass Private Info feature entirely
  • Implement strict physical security controls for devices and ensure they are never left unattended

🔍 How to Verify

Check if Vulnerable:

Check the Samsung Pass version in the app settings. If the version is below 4.4.04.7, the device is vulnerable.

Check Version:

No CLI command. Check via: Samsung Pass app → Settings → About Samsung Pass

Verify Fix Applied:

Confirm Samsung Pass version is 4.4.04.7 or higher in app settings.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to Samsung Pass Private Info
  • Multiple failed authentication attempts followed by successful access

Network Indicators:

  • Not applicable - local physical vulnerability

SIEM Query:

Not applicable for this physical access vulnerability
