

Warning for millions of Android users over serious security flaws in Samsung Galaxy smartphones




Several high-risk security flaws have been discovered in Samsung Galaxy smartphones that could allow hackers to easily target the devices.

Attackers only need to know the victim’s phone number to exploit the bugs without the user knowing anything is wrong, warns Google’s Project Zero team.


Google’s Project Zero security researchers study flaws in hardware and software systems to find the bugs and fix them.

In a March update, Project Zero’s Tim Willis said researchers found at least 18 security flaws that had not yet been fixed in Samsung’s Exynos modems, which are used in the company’s flagship Galaxy devices.

He warned the four most serious vulnerabilities (CVE-2023-24033, CVE-2023-26496, CVE-2023-26497 and CVE-2023-26498) allow for “internet-to-baseband remote code execution” by hackers.

“Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number,” Willis explained.

“With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.”

This means hackers who exploit the flaws may be able to gain complete control over the device.

The 14 other vulnerabilities discovered were not as severe, Willis said, as they need a malicious mobile network operator or require the hacker to have local access to the device.

Affected products include Samsung phones in the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series; Vivo phones including those in the S16, S15, S6, X70, X60 and X30 series; the Pixel 6 and Pixel 7 from Google; and any devices that use the Exynos Auto T5123 chipset.

Samsung is aware of the issue and is working on a fix, but until security updates are available to fix the bugs for customers, Willis recommends users turn off WiFi calling and Voice-over-LTE.

“Turning off these settings will remove the exploitation risk of these four severe vulnerabilities,” he said.

Pixel devices have already received a fix for the four issues, according to Google’s March security update.