Security News > 2023 > March > Dangerous Android phone 0-day bugs revealed – patch or work around them now!

Dangerous Android phone 0-day bugs revealed – patch or work around them now!
2023-03-17 19:56

Google has just revealed a fourfecta of critical zero-day bugs affecting a wide range of Android phones, including some of its own Pixel models.

The four bugs we're talking about here are known as baseband vulnerabilities, meaning that they exist in the special mobile phone networking firmware that runs on the phone's so-called baseband chip.

Baseband flaws allow an attacker not only to break into the modem itself from the internet or the phone network, but also to break into the main operating system from the modem.

Worse still, you can't just look at your Android version number or the version numbers of your apps to check whether you're vulnerable or patched, because the baseband hardware you've got, and the firmware and patches you need for it, depend on your physical device, not on the operating system you're running on it.

Tests conducted by [Google] Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number.

Google's recent Pixel devices use Google's own system-on-chip, branded Tensor, but both the Pixel 6 and Pixel 7 are vulnerable to these still-semi-secret baseband bugs.


News URL

https://nakedsecurity.sophos.com/2023/03/17/dangerous-android-phone-0-day-bugs-revealed-patch-or-work-around-them-now/