A major new Android bug lets hackers take over your devices

/in


Google says dozens of Android devices, including smartphones, wearables, and vehicles, can be compromised without user interaction.

The culprit? Multiple zero-day vulnerabilities in Samsung’s Exynos modems.

That’s right – just the victim’s phone number is all an attacker needs to remotely compromise a victim’s device.

According to TechCrunch, Google’s Project Zero team discovered a total of 18 zero-day vulnerabilities, four of which are severe enough to allow an attacker to execute remote code with no user interaction.

Project Zero’s Tim Willis wrote in a blog post:

“With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.”

android smartphone on a deskmat with a dinosaur barfing a rainbow on it

In other words, skilled attackers could easily create an operational exploit to compromise affected devices silently and remotely. Scary stuff, right?

So, which devices are affected by these vulnerabilities? Well, it’s not just a few devices – there are dozens. And you know what? Even Google’s latest smartphones aren’t safe from cover.

Here’s the list of products that Google provided:

Yea, that’s a lot of devices.

galaxy s23 ultra

A security researcher on the Project Zero team, Maddie Stone, confirmed in a tweet that Samsung was given 90 days to release a patch, but none has been forthcoming.

So, if you own one of the affected devices and don’t want to wait for a security patch, Google advises you to turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in your device settings.

Note: Disabling VoLTE will greatly diminish your phone call network coverage.

If you need help, we made a guide here on disabling Wi-Fi Calling on Samsung devices. Additionally, we’ll share them below, just in case.

How to turn off WiFi calling on a Samsung phone

You can…

Source…