Technology
Warning for millions of Android users over serious security flaws in Samsung Galaxy smartphones
Several high-risk security flaws have been discovered in Samsung Galaxy smartphones that could allow hackers to easily target the devices.
Attackers only need to know the victim’s phone number to exploit the bugs without the user knowing anything is wrong, warns Google’s Project Zero team.
WATCH THE VIDEO ABOVE: Best new budget phones 2023.
Watch the latest News on Channel 7 or stream for free on 7plus >>
Google’s Project Zero security researchers study flaws in hardware and software systems to find the bugs and fix them.
In a March update, Project Zero’s Tim Willis said researchers found at least 18 security flaws that had not yet been fixed in Samsung’s Exynos modems, which are used in the company’s flagship Galaxy devices.
He warned the four most serious vulnerabilities (CVE-2023-24033, CVE-2023-26496, CVE-2023-26497 and CVE-2023-26498) allow for “internet-to-baseband remote code execution” by hackers.
“Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number,” Willis explained.
“With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.”
This means hackers who exploit the flaws may be able to gain complete control over the device.
The 14 other vulnerabilities discovered were not as severe, Willis said, as they need a malicious mobile network operator or require the hacker to have local access to the device.
Affected products include Samsungs in the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series; Vivo phones including those in the S16, S15, S6, X70, X60 and X30 series; the Pixel 6 and Pixel 7 from Google; and any devices that use the Exynos Auto T5123 chipset.
Samsung is aware of the issue and is working on a fix, but until security updates are available to fix the bugs for customers, Willis recommends users turn off WiFi calling and Voice-over-LTE.
“Turning off these settings will remove the exploitation risk of these four severe vulnerabilities,” he said.
Pixel devices have already received a fix for the four issues, according to Google’s March security update.
Draftkings Best NBA Showdown Picks: 76ers vs. Knicks 4/22/24
Cleveland Cavaliers vs Orlando Magic Prediction 4-22-24 Picks
Are race-conscious scholarships on their way out?
-
Technology43m agoTransporting hazardous materials across the country isn’t easy − that’s why there’s a host of regulations in place
-
Technology44m agoChemical pollutants can change your skin bacteria and increase your eczema risk − new research explores how
-
Technology13h agoAre tomorrow’s engineers ready to face AI’s ethical challenges?
-
Technology14h agoChina launches new remote sensing satellite
-
Technology20h agoGoogle drops supplier minimum wage, benefits rules
-
Technology20h agoTesla cuts price of Full Self-Driving software by a third
-
Technology2d agoFuture quantum computers could use bizarre 'error-free' qubit design built on forgotten research from the 1990s
-
Technology2d agoCEO Of Largest U.S. Bank: Artificial Intelligence Will Be Transformational, Like Steam Engine And Electricity