Sunday, April 2, 2023
Google warns users to take action to protect against remotely exploitable flaws in popular Android phones

Google’s security research unit is sounding the alarm on a set of vulnerabilities it found in certain Samsung chips included in dozens of Android models, wearables and vehicles, fearing the flaws could soon be discovered and exploited.

In a blog post, Google’s Project Zero head Tim Willis said the in-house security researchers found and reported 18 zero-day vulnerabilities in Exynos modems produced by Samsung over the past few months, including four top-severity flaws that could compromise affected devices “silently and remotely” over the cellular network.

“Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number,” Willis said.

By gaining the ability to remotely run code at a device’s baseband level — essentially the Exynos modems that convert cell signals to digital data — an attacker would be able to gain near-unfettered access to the data flowing in and out of an affected device, including cellular calls, text messages, and cell data, without alerting the victim.

As disclosures go, it’s rare to see Google — or any security research firm — sound the alarm on high-severity vulnerabilities before they are patched. Google noted the risk to the public, stating that skilled attackers “would be able to quickly create an operational exploit” with limited research and effort.

Project Zero researcher Maddie Stone wrote on Twitter that Samsung had 90 days to patch the bugs, but hasn’t yet.

Samsung confirmed in a March 2023 security listing that several Exynos modems are vulnerable, affecting several Android device manufacturers, but provided few other details.

According to Project Zero, affected devices include nearly a dozen Samsung models, Vivo devices, and Google’s own Pixel 6 and Pixel 7 handsets. Affected devices also include wearables and vehicles that rely on Exynos chips for connecting to the cellular network.

Google said that patches will vary depending on the manufacturer, but noted that its Pixel devices are already patched with its March security updates.

Until affected manufacturers push software updates to their customers, Google said users who wish to protect themselves can switch off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings, which will “remove the exploitation risk of these vulnerabilities.”

Google said the remaining 14 vulnerabilities were less severe since they require either access to a device or insider or privileged access to a cell carrier’s systems.
