Samsung Galaxy Phones Compromised for 10 Months, Exposing Photos and Data
Samsung Galaxy users have been unwittingly caught in a prolonged hacking campaign that compromised their devices and extracted sensitive information without any user interaction. Security experts from Palo Alto Networks’ Unit 42 have uncovered a sophisticated spyware operation, named “Landfall,” which exploited a zero-day vulnerability in Samsung’s software for nearly ten months, from July 2024 to April 2025. Although Samsung addressed the flaw in April 2025, the full extent of the breach had remained undisclosed until now.
A Zero-Click Hack Delivered Through an Image
Researchers revealed that the Landfall operation used a previously unknown vulnerability, identified as CVE-2025-21042. This flaw allowed attackers to take control of a device merely by sending a specially crafted image, likely through a messaging application. The attack is classified as a “zero-click” exploit, meaning that victims did not need to interact with the image for the hack to succeed. This method of infiltration underscores the sophistication of the operation, as it bypassed traditional security measures without requiring any action from the user. Samsung’s patch in April 2025 aimed to close this vulnerability, but the details of the exploit had not been publicly disclosed until now.
Photos, Chats, Calls – Everything Was Exposed
Once the spyware was installed on a device, it gained access to a wide array of personal data. This included sensitive information such as photos, messages, contacts, call logs, precise location data, and even the device’s microphone for real-time audio capture. The spyware specifically targeted certain Samsung models, including the Galaxy S22, S23, S24, and select Galaxy Z series devices, affecting Android versions 13 through 15. The breadth of data compromised raises significant concerns about user privacy and security, highlighting the potential risks associated with vulnerabilities in widely used technology.
Not a Mass Attack, a Targeted Espionage Operation
Unit 42 clarified that the Landfall operation was not a widespread malware campaign but rather a targeted espionage effort aimed at specific individuals, likely for surveillance or intelligence purposes. Samples of the spyware were traced back to regions including Morocco, Iran, Iraq, and Turkey, indicating a focus on the Middle East. Turkey’s national cybersecurity agency even identified one of the spyware’s servers as malicious, suggesting active targeting within the country. Furthermore, Unit 42 discovered connections between this operation and a known surveillance group called Stealth Falcon, which has previously been linked to attacks on journalists and activists. However, the evidence was insufficient to definitively attribute the operation to any specific government entity.
Samsung Yet to Comment
As of now, Samsung has not released an official statement regarding the findings of this hacking campaign. Researchers have noted that it remains uncertain who developed the spyware and the total number of individuals affected. Users of Galaxy devices running Android versions 13 to 15 are strongly advised to ensure they have installed all security updates released in April 2025 or later. This precaution is essential to protect against potential vulnerabilities and safeguard personal information.