Tag Archive for: Phone

Turn off 2 Pixel and Samsung Galaxy settings to prevent hackers from owning your phone

/in


Google has a Project Zero team that analyzes software and hardware, looking for exploits allowing malicious attackers to get into various gadgets. Project Zero just found one such severe vulnerability, a 0-day issue that would allow hackers to remotely control phones like the Pixel 7 and 6 series, and Samsung Galaxy phones like the Galaxy S22.

The issue resides in the Exynos modems inside those devices. Until manufacturers, Google included, patch them, users should turn off two phone features to eliminate the risk of hacks. These are VoLTE and Wi-Fi calling and shouldn’t impact your overall phone experience.

With VoLTE turned on, you’ll be placing your calls over 4G, and the feature should improve the overall quality of phone calls. Wi-Fi calling, meanwhile, helps you make calls in areas with spotty cellular reception. They’re not must-have features that you immediately think of when buying a new phone. Rather, you take them for granted, if you’re even aware of them.

Whatever the case, you can easily turn these features off from the phone’s Settings app. Once the Exynos patches start rolling in via security updates, you can reenable them.

You might not consider yourself a target for hackers, but that doesn’t mean you’re safe.

Project Zero found 18 vulnerabilities in Exynos modems from late 2022 and early 2023. Four of them are critical, including issues that would allow an attacker to control phones remotely:

The four most severe of these eighteen vulnerabilities (CVE-2023-24033 and three other vulnerabilities that have yet to be assigned CVE-IDs) allowed for Internet-to-baseband remote code execution. Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number. With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.

These vulnerabilities are serious enough that they convinced Project Zero to delay the disclosure of the…

Source…

How Samsung’s New ‘Message Guard’ Protects Your Phone From ‘Zero-Click’ Attacks

/in


Photo: Framesira (Shutterstock)

Photo: Framesira (Shutterstock)

Hackers and bad actors are always looking for new methods of attack. One of those attacks is known as “zero-click,” which can infect your phone without you having to do anything at all. Samsung wants to be the face of the solution to this emerging problem, implementing a new security tool for its latest devices known as Samsung Message Guard.

What are “zero-click” exploits?

Zero-click exploits are a particularly nasty kind of security vulnerability. While many attacks rely on you, the user, clicking on a malicious URL or downloading a file containing malware, zero-click exploits don’t require you to do a thing to attack. All a bad actor needs to do is send you the malicious file: Once you receive the message on your phone, you’re already infected.

Read more

How Samsung Message Guard keeps your phone safe

With Samsung Message Guard is enabled on your device, the tool looks out for incoming images in your messages. When one arrives, it isolates that image, and doesn’t allow it to communicate with the rest of the device, in what’s known as a “sandbox.”

Message Guard then scans the message bit by bit for any trace of malicious code. If there is an issue, the image won’t be able to run its code with any other part of your phone, preventing a zero-click attack from ever occurring. It’s a smart strategy, and hopefully ruins the day of anyone relying on zero-click to spread malware around our smartphones.

Which phones are compatible with Samsung Message Guard?

At launch, Samsung Message Guard is only available on the latest suite of Galaxy devices, which includes the Galaxy S23, S23+, and S23 Ultra. Samsung has plans for Message Guard to roll out to other Galaxy phones and tablets later this year, so long as the device is running One UI 5.1.

This isn’t a gimmick to force you to use Samsung Messages, either. If you prefer Google’s Messages app, keep using it, since Samsung Message Guard works with it as well. Even better, Samsung plans to issue an update at a later point, allowing Message Guard to work with third-party chat apps.

[The Verge]

More from Lifehacker

Sign up for Lifehacker’s Newsletter. For the latest news,

Source…

Beyond BharOS: 5 mobile operating systems you can actually try on your Android phone

/in


BharOS, a Linux kernel based operating system for Android phones from an IIT incubated startup is currently touted as India’s own Android and iOS rival. While BharOS is still in the testing phase, it is said to be compatible with Pixel smartphones. If you want to install BharOS on your phone or get a phone that ships with BharOS, you might have to wait for at least a few more months. In the meantime, here are some of the custom Android OS builds that can be used without any Google services.

Do note that, installing a custom ROM on your smartphone does come with risks of its own. To install a custom ROM, the bootloader has to be unlocked, which will make the device vulnerable to hacks and malware. Not just that, a custom ROM might break the primary functionalities of the smartphone and it could also make the phone unusable. Lastly, always download the custom ROMs only from verified sources.

Sailfish OS is available for select Sony smartphones.

Sailfish OS

If you don’t want to use Google services on your Android phone and want an operating system that’s unique, secure, and stable, then Sailfish OS is one of those few options that deliver fourth-generation security with protection from Firejail sandboxing, which reduces the risk of a security breach using Linux namespaces. This operating system is developed and maintained by the team behind the Jolla series of devices, which were launched right after the Nokia N800 and the N900 series of smartphones.

As this is still a Linux kernel based OS, it allows users to sideload APKs. However, the major drawback of this operating system is that the support is limited to select Sony smartphones.

Ubuntu Touch is also available for a wide range of devices.

Ubuntu Touch

Ubuntu Touch is also a great way to enjoy a smartphone without Google services. This custom operating system is available for select phones from Xiaomi, OnePlus, Asus, Google, and Samsung. When compared to other Linux kernel based OS, Ubuntu Touch offers a unique and secure user experience.

Lineage OS was previously known as CyanogenMOD.

LineageOS

Popular amongst custom ROM enthusiasts, LineageOS, previously known as CyanogenMod is one of the most popular open-source…

Source…

FCC Eyes Shrinking Mobile Phone Carriers’ Breach Report Window

/in


Companies such as AT&T Inc., Verizon Communications Inc., and T-Mobile US Inc. would have to notify regulators and law enforcement as soon as practicable after discovering a breach of customers’ data under a proposal from the Federal Communications Commission.

Telecommunications providers also would be required to notify customers without unreasonable delay, as part of proposed updates to the FCC’s existing data breach rules released Friday. The agency is asking for public comment on whether to set a specific timeframe— like within 24 or 72 hours of discovery of a breach—or if the deadline for disclosures should vary based …

Source…