source link: https://www.techspot.com/news/97971-google-advises-android-users-take-action-after-finding.html

Google advises Android users to take action after finding 18 zero-day vulnerabilities in popular phones

All an attacker needs is the target's phone number

By Rob Thubron

In brief: Google has issued a warning to users of certain Android handsets, wearables, and vehicles after its Project Zero team of security analysts reported eighteen zero-day vulnerabilities in Exynos Modems produced by Samsung.

Google Project Zero head Tim Willis wrote that the four most serious of the eighteen vulnerabilities, all of which were reported in late 2022 and 2023, allow an attacker to remotely compromise a phone at the baseband level with no user interaction. Compromising a vulnerable device would only require an attacker to know a target's phone number.

A hacker exploiting one of the vulnerabilities would gain total access to all the data moving to and from the device, including calls, texts, and cellular data. Willis writes that skilled attackers could quickly create an operational exploit to compromise affected devices silently and remotely.

The remaining 14 vulnerabilities were not as severe, as they require either a malicious mobile network operator or an attacker with local access to the device.


Pixel owners don't have to worry

Google listed some of the devices featuring the Exynos chipsets that are likely impacted by the vulnerabilities:

  • Mobile devices from Samsung, including those in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series
  • Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series
  • The Pixel 6 and Pixel 7 series of devices from Google
  • Any wearables that use the Exynos W920 chipset (including the Galaxy Watch 4 and 5)
  • Any vehicles that use the Exynos Auto T5123 chipset.

The good news for owners of affected Pixel devices is that they were already patched in the March 2023 security update. Project Zero researcher Maddie Stone tweeted that despite having 90 days to patch the vulnerabilities, Samsung still hasn't done so.

End-users still don't have patches 90 days after report.... https://t.co/dkA9kuzTso

— Maddie Stone (@maddiestone) March 16, 2023

For owners of the handsets that have yet to be patched, Google recommends switching off Wi-Fi calling and Voice over LTE (VoLTE) in the device settings to remove the exploitation risk of these vulnerabilities.

