A major new Android bug lets hackers take over your devices

And it’s not just a few devices – there are dozens.


Google says dozens of Android devices, including smartphones, wearables, and vehicles, can be compromised without user interaction.

The culprit? Multiple zero-day vulnerabilities in Samsung’s Exynos modems.

That’s right – the victim’s phone number is all an attacker needs to remotely compromise the device.

According to TechCrunch, Google’s Project Zero team discovered a total of 18 zero-day vulnerabilities, four of which are severe enough to allow an attacker to remotely execute code with no user interaction.

Project Zero’s Tim Willis wrote in a blog post:

“With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.”


In other words, skilled attackers could easily create an operational exploit to compromise affected devices silently and remotely. Scary stuff, right?

So, which devices are affected by these vulnerabilities? Well, it’s not just a few devices – there are dozens. And you know what? Even Google’s latest smartphones aren’t safe.

Here’s the list of products that Google provided:

Yeah, that’s a lot of devices.

Pixel devices such as the Pixel 7 have already received a fix for CVE-2023-24033 in the March 2023 security update. However, according to 9to5Google, the patch has yet to arrive for the Pixel 6, 6 Pro, and 6a.


A security researcher on the Project Zero team, Maddie Stone, confirmed in a tweet that Samsung was given 90 days to release a patch, but none has been forthcoming.

So, if you own one of the affected devices and don’t want to wait for a security patch, Google advises you to turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in your device settings.

Note: Disabling VoLTE will greatly diminish your phone call network coverage.

If you need help, we made a guide here on disabling Wi-Fi Calling on Samsung devices. We’ll also share the steps below, just in case.

How to turn off WiFi calling on a Samsung phone

You can find the WiFi calling toggle in the settings of your Samsung phone. But you don’t get there through the traditional settings app.

Instead, you can start by opening the Phone app on your phone.

Open the Phone app on your Samsung phone
Tap the three-dot menu in the top-right corner
Select Settings
Find the WiFi Calling option about halfway down and toggle it off

And while you’re at it, check whether your device has any updates waiting to be installed.

According to Tim Willis, head of Project Zero, the remaining 14 zero-day vulnerabilities require either a malicious mobile network operator or an attacker with local access to the device.


These aren’t as severe, but Samsung will still need to produce a patch to fix these security vulnerabilities as soon as possible.

In the meantime, stay vigilant, Android users. Keep your devices updated and follow Google’s advice to turn off Wi-Fi calling and VoLTE.

And remember, as Willis said in a blog post:

“With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.”


Kevin is KnowTechie's founder and executive editor. With over 15 years of blogging experience in the tech industry, Kevin has transformed what was once a passion project into a full-blown tech news publication. Shoot him an email at kevin@knowtechie.com or find him on Mastodon or Post.
