A major new Android bug lets hackers take over your devices
And it’s not just a few devices – there are dozens.
Google says dozens of Android devices, including smartphones, wearables, and vehicles, can be compromised without user interaction.
The culprit? Multiple zero-day vulnerabilities in Samsung’s Exynos modems.
That’s right – the victim’s phone number is all an attacker needs to remotely compromise the device.
According to TechCrunch, Google’s Project Zero team discovered a total of 18 zero-day vulnerabilities, four of which are severe enough to allow an attacker to execute code remotely with no user interaction.
Project Zero’s Tim Willis wrote in a blog post:
“With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.”
In other words, skilled attackers could easily create an operational exploit to compromise affected devices silently and remotely. Scary stuff, right?
So, which devices are affected by these vulnerabilities? Well, it’s not just a few devices – there are dozens. And you know what? Even Google’s latest smartphones aren’t safe.
Here’s the list of products that Google provided:
- Google’s own Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, and Pixel 7 Pro
- Samsung devices in the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12, and A04 series
- Vivo devices in the S16, S15, S6, X70, X60 and X30 series
- Any vehicles using the Exynos Auto T5123 chipset
Yeah, that’s a lot of devices.
A security researcher on the Project Zero team, Maddie Stone, confirmed in a tweet that Samsung was given 90 days to release a patch, but none has been forthcoming.
So, if you own one of the affected devices and don’t want to wait for a security patch, Google advises you to turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in your device settings.
If you need help, we made a guide on disabling Wi-Fi Calling on Samsung devices. We’ll also share the steps below, just in case.
How to turn off WiFi calling on a Samsung phone
You can find the WiFi calling toggle in the settings of your Samsung phone. But you don’t get there through the traditional settings app.
Instead, you can start by opening the Phone app on your phone.
And while you’re at it, check to see if your device has any updates waiting to be installed.
According to Tim Willis, head of Project Zero, the remaining 14 zero-day vulnerabilities require either a malicious mobile network operator or an attacker with local access to the device.
These aren’t as severe, but Samsung will still need to produce a patch to fix these security vulnerabilities as soon as possible.
In the meantime, stay vigilant, Android users. Keep your devices updated and follow Google’s advice to turn off Wi-Fi calling and VoLTE.
And remember, as Willis said in a blog post:
“With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.”