NEW YORK — A hacker would only need someone's phone number to exploit a serious vulnerability in some Android phones, Google Project Zero is warning.
Project Zero, the tech giant's security research team, said it found serious vulnerabilities affecting dozens of Android phone models and other devices that use Exynos modems.
Google Project Zero director Tim Willis said skilled hackers could easily exploit the vulnerabilities and gain complete access to a device without the user ever knowing.
"With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely," Willis said in a blog post.
Affected devices include, but may not be limited to:
- Mobile devices from Samsung, including those in the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series. According to TechReport, only the international version of the Samsung S22 is affected.
- Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series
- Google Pixel 6 and Pixel 7 series
- Vehicles that use the Exynos Auto T5123 chipset
What should you do?
Updates to Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems
* The four severe Internet-to-baseband RCE vulns now have CVE-IDs
* Pixel just updated their March 2023 bulletin to show fixes for all four of the severe issues for Pixel 6 and 7
* I'm told that the Pixel 6 March OTA update is rolling out now.
— Tim Willis (@itswillis) March 20, 2023
Until more patches are released, users with affected devices should turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings and update devices as soon as possible.
How to turn off Wi-Fi calling on a Samsung Galaxy phone:
- Open the Phone app
- Select more options (three vertical dots), and then tap Settings.
- Tap Wi-Fi Calling
- Tap the switch if it is not already turned off
Project Zero security researcher Maddie Stone said on Twitter that Samsung had not patched the bugs more than 90 days after the flaws were reported.
End-users still don't have patches 90 days after report....
— Maddie Stone (@maddiestone) March 16, 2023