Millions of Android users may be affected by vulnerabilities in the system.
Google strongly advises people with these devices to protect themselves by tweaking two features.
What devices are affected?
Google issued a ‘severe’ alert to millions of Android users advising them to stitch off two dangerous settings as soon as possible.
According to Google’s Project Zero team which is dedicated to security research, the vulnerabilities impact phones as well as cars. They found a total of eighteen vulnerabilities.
Only a select few Android devices are impacted. They include the Pixel 6 and Pixel 7 from Google and Samsung’s S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04.
Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series, are affected too.
Any vehicles that use an Exynos Auto T5123 chipset are also at risk.
The impacted devices use one of Samsung‘s modems.
Many S22 phones sold outside of Europe and some African countries have a Qualcomm modem and are therefore safe.
Owners of these devices have been urged to turn off two features in their Settings: Wi-Fi calling and Voice-over-LTE.
This can help lock out hackers while Samsung‘s cyber staff work on a fix for the flaw.
Luckily for Pixel owners, their devices have already received a security update.
Google’s Project Zero team advised:
As always, we encourage end users to update their devices as soon as possible, to ensure that they are running the latest builds that fix both disclosed and undisclosed security vulnerabilities.
What are the vulnerabilities and are they being fixed?
The four worst cyber flaws give hackers access to the devices through the phone number alone and without any user interaction, also known as ‘Internet-to-baseband remote code execution’. The other fourteen are less severe because they require either a malicious mobile network operator or an attacker with local access to the device.
There are just four of the 14 less severe vulnerabilities that haven’t been patched yet according to Google, which Samsung is responsible for.
A spokesperson for Samsung said:
Samsung takes the safety of our customers very seriously.
After determining six vulnerabilities that may potentially impact select Galaxy devices, of which none were ‘severe’, Samsung released security patches for five of these in March.
Another security patch will be released in April to address the remaining vulnerability.
Samsung recommends all users keeping their devices updated with the latest software to ensure the highest level of protection possible’.
Sources used:
Millions of Android users told to switch off two dangerous settings NOW as Google issues ‘severe’ alert’