Security News > 2023 > March > Google: Turn off Wi-Fi calling, VoLTE to protect your Android from Samsung hijack bugs
Google security analysts have warned Android device users that several zero-day vulnerabilities in some Samsung chipsets could allow an attacker to completely hijack and remote-control their handsets knowing just the phone number.
Between late 2022 and early this year, Google's Project Zero found and reported 18 of these bugs in Samsung's Exynos cellular modem firmware, according to Tim Willis, who heads the bug-hunting team.
The baseband, or modem, portion of a device typically has privileged low-level access to all the hardware, and so exploiting bugs within its code can give an intruder full control over the phone or device.
"With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely," he added.
Affected devices include those using Samsung S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series of chips; Vivo mobile devices including the S16, S15, S6, X70, X60 and X30 series; the Pixel 6 and Pixel 7 series of devices from Google; and vehicles that use the Exynos Auto T5123 chipset.
Google issued a fix for CVE-2023-24033 affecting Pixel devices in its March security update.
News URL
Related news
- Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection (source)
- Google brings better bricking to Androids, to curtail crims (source)
- Samsung phone users under attack, Google warns (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google's mysterious 'search.app' links leave Android users concerned (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Google launches on-device AI to alert Android users of scam calls in real-time (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-13 | CVE-2023-24033 | Unspecified vulnerability in Samsung products The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service. | 9.8 |