I am mainly a lurker here, but created an account to reply to this. I have two S21s (SM-991B/DS) which are XSP (Singapore) phones that were imported into the US and are being used on AT&T. Both of them have a problem making or receiving phone calls after the June 1, 2022 patch level. I have sent the following to Samsung's security department after about 2 days' worth of getting the runaround from AT&T, Samsung, and XSP (Samsung got me in contact with XSP). Samsung keeps wanting me to send my phone in and won't transfer me to engineering or past first level support. I have decided to post this publicly due to helping the community, the future security implications, and Samsung's tech support seemingly not caring at all.
***** start - email sent to "[email protected]" *****
Samsung Security Team,
Hello, my name is <redacted> and I am a security professional. There currently is an issue with the June 1, 2022 patch level on certain S21 phones and I do not know who to talk to since I have been given the runaround by my carrier (AT&T), Samsung 1st level support (US), and XSP (Singapore Telco provider). I have two S21s (model #SM-G991B/DS) and upon installing the June 1, 2022 patch level, the phones cannot make or receive phone calls. I have reflashed my phones via Odin3 to the May firmware image for my phone and it resolved the issue. I tried to re-apply the update and it reproduced the problem.
While this issue itself isn't a security issue, I do have to disable updates on my phones in order to not have a $900 brick in my hand. This becomes a security issue since my phones will not be receiving further updates since it breaks the phone and defeats the purpose of that phone (i.e. to make or receive calls). Essentially security is useless if the service is not functional - this is a core tenet and wire balancing act of information security.
I am hoping Samsung is interested in security and will look into this issue. I have spent about 2 days tracking down this issue and I can reproduce the problem.
Thank you,
<redacted>
***** end - email sent to "[email protected]" *****
I guess I will find out if the Mobile Security team even decides to reply back to me.