Warning for millions of Android users over serious security flaws in Samsung Galaxy smartphones
Several high-risk security flaws have been discovered in Samsung Galaxy smartphones that could allow hackers to easily target the devices.
Attackers only need to know the victim’s phone number to exploit the bugs without the user knowing anything is wrong, warns Google’s Project Zero team.
WATCH THE VIDEO ABOVE: Best new budget phones 2023.
Watch the latest News on Channel 7 or stream for free on 7plus >>
Google’s Project Zero security researchers study flaws in hardware and software systems to find the bugs and fix them.
In a March update, Project Zero’s Tim Willis said researchers found at least 18 security flaws that had not yet been fixed in Samsung’s Exynos modems, which are used in the company’s flagship Galaxy devices.
He warned the four most serious vulnerabilities (CVE-2023-24033, CVE-2023-26496, CVE-2023-26497 and CVE-2023-26498) allow for “internet-to-baseband remote code execution” by hackers.
“Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number,” Willis explained.
“With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.”
This means hackers who exploit the flaws may be able to gain complete control over the device.
The 14 other vulnerabilities discovered were not as severe, Willis said, as they need a malicious mobile network operator or require the hacker to have local access to the device.
Affected products include Samsungs in the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series; Vivo phones including those in the S16, S15, S6, X70, X60 and X30 series; the Pixel 6 and Pixel 7 from Google; and any devices that use the Exynos Auto T5123 chipset.
Samsung is aware of the issue and is working on a fix, but until security updates are available to fix the bugs for customers, Willis recommends users turn off WiFi calling and Voice-over-LTE.
“Turning off these settings will remove the exploitation risk of these four severe vulnerabilities,” he said.
Pixel devices have already received a fix for the four issues, according to Google’s March security update.
Kevin De Bruyne insists Champions League final won't 'define' his career
Man Utd 2022/23 season review: Erik ten Hag era begins with immense promise
Is Outlook down? Thousands of users report problems with Microsoft's email platform
Kentucky pauses incentives for battery maker whose federal loan was nixed after claims of China ties
Heartbreaking Moments: Dogs’ Last-Minute Behavioral Patterns Spotted by Vets
Everyone was moved by the touching tale of the dog that gave his life to save its master from the world’s deаdɩіeѕt serpent.
Dropbox drops integration with Google Docs, Sheets
France rolls out the red carpet for EV battery factories
YouTube TV faces issues with family sharing accounts
Gmail gets AI upgrade to make searching easier
Majority of EU countries against network fee levy on Big Tech
Canada facing rising threat from cyberattacks, defence minister
Twitter's head of brand safety and ad quality to leave
Apple expected to unveil mixed-reality headset