Google warns users to take precautions to prevent remotely exploitable flaws on Android phones
The four vulnerabilities in Samsung chips can be exploited by hackers to compromise Android devices "silently" and "remotely" over the cell phone network.
Google's security unit is raising alarm over a number of vulnerabilities found in certain Samsung chips in dozens of Android devices, wearables, and vehicles. They fear that the flaws will soon be exploited.
Tim Willis, Google's Project Zero chief, stated that 18 vulnerabilities were discovered in Exynos modems manufactured by Samsung in the past few months. These included four top-severity flaws which could compromise affected devices "silently or remotely" over cellular networks.
Project Zero tests have confirmed that these four vulnerabilities allow an attacker remotely compromise a phone's baseband level without any user interaction and require that the attacker knows the victim's number," Willis stated.
An attacker could remotely run code on a device's basis level, essentially the Exynos modems which convert cell signals into digital data. This would allow them to gain unrestricted access to all data flowing into and out of the affected device, including text messages and cellular calls.
It's rare that Google or any security research company raises alarm about high-severity vulnerabilities. Google acknowledged the risk to the public and stated that skilled attackers could quickly create an operational exploit with minimal research and effort.
Project Zero says that affected devices include almost a dozen Samsung models, Vivo phones, and Google's Pixel 6 and Pixel 7 handsets. Wearables and vehicles that connect to the cellular network via Exynos chips are also among the affected devices.
Google stated that until affected manufacturers send software updates to customers, users can turn off Wi-Fi calling (VoLTE), and Voice-over LTE (VoLTE), in their device settings. This will "removes the exploitation risk from these vulnerabilities."tech