At TechCrunch, Zack Whittaker reports: Google warns users to take action to protect against remotely exploitable flaws in popular Android phones.
In some cases, all an attacker needs to take control of an affected device is the phone number.
"Google’s security research unit is sounding the alarm on a set of vulnerabilities it found in certain Samsung chips included in dozens of Android models, wearables and vehicles, fearing the flaws could be soon discovered and exploited.
Google’s Project Zero head Tim Willis said the in-house security researchers found and reported 18 zero-day vulnerabilities in Exynos modems produced by Samsung over the past few months, including four top-severity flaws that could compromise affected devices “silently and remotely” over the cellular network."
About a dozen Samsung phone models are affected. So are devices from Vivo and Google’s own Pixel 6 and Pixel 7 phones. The flaws also affect vehicles using the Exynos Auto T5123 chipset.
Google says its Pixel phones have already been patched to deal with the problem, but it appears that, despite having had 90 days to act, Samsung has yet to update its software.
In the meantime, the advice from Google for users is remarkable. It says users can protect their phones if they turn off Wi-Fi calling and Voice-over-LTE (VoLTE). For some users that means they won’t be able to use their phones to make calls. While modern phones do much more than handle voice calls, taking away that functionality, even while waiting for a security fix, is drastic.