Google warns users of 18 bugs in mass-level Android phones

IANS 17 March 2023

Google security teams have discovered 18 zero-day vulnerabilities in Samsung Exynos chips used in several top Android smartphones and wearables that may put those devices at risk.

Google's Project Zero head Tim Willis said in a blog post that four most severe of these vulnerabilities "allowed for Internet-to-baseband remote code execution".

Tests conducted by Project Zero confirmed that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number.

With limited additional research and development, "we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely", said Google security researchers.

"Until security updates are available, users who wish to protect themselves from the baseband remote code execution vulnerabilities in Samsung's Exynos chipsets can turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings," said Willis.

Turning off these settings will remove the exploitation risk of these vulnerabilities, he added.

The affected mobile devices are from Samsung, Vivo, Google (Pixel 6 and Pixel 7 series); any wearables that use the Exynos W920 chipset; and any vehicles that use the Exynos Auto T5123 chipset.

Google expects that patch timelines will vary per manufacturer, and affected Pixel devices have already received a fix.

"As always, we encourage end users to update their devices as soon as possible, to ensure that they are running the latest builds that fix both disclosed and undisclosed security vulnerabilities," said Google.

Disclaimer: Information, facts or opinions expressed in this news article are presented as sourced from IANS and do not reflect views of Moneylife and hence Moneylife is not responsible or liable for the same. As a source and news provider, IANS is responsible for accuracy, completeness, suitability and validity of any information in this article.

Comments

User

Consumer Interest

LIC Housing Finance Penalised for Not Paying Insurance Premium after Taking Money from Borrower

Moneylife Digital Team 16 March 2023

Upholding orders passed by fora below, the national consumer dispute redressal commission (NCDRC) asked Life Insurance Corporation Housing Finance Ltd (LICHF) to refund the excess amount deducted as insurance premium with interest...

Consumer Interest

Refund Rs1.62 Crore to Home-buyer; NCDRC to Parsvnath Developers, Parsvnath Hessa

Moneylife Digital Team 15 March 2023

National consumer dispute redressal commission (NCDRC) has ordered New Delhi-based Parsvnath Developers Pvt Ltd and Parsvnath Hessa Developers Pvt Ltd to refund Rs1.62 crore along with an interest of 9%pa (per annum) to a home-buyer...

Consumer Interest

National Consumer Helpline Number 1915 To Be Integrated with WhatsApp

IANS 15 March 2023

The government is working towards integrating the national consumer helpline number (1915) with WhatsApp, which would enable consumers across the country to lodge their complaints against any product or service in an easier manner...

Consumer Interest

Consumer forum slaps Rs50 lakh fine on Prayagraj hospital in UP

IANS 14 March 2023

The State Consumer Disputes Redressal Commission has slapped a fine of Rs 50 lakh on Kamla Nehru Memorial Hospital here over alleged neglect in treatment of a patient that ultimately caused her death.

Geeta Devi Dwivedi, a...