Google is warning owners of some Samsung, Vivo, and Pixel phones that a series of exploits enables bad actors to compromise devices simply by knowing phone numbers — and device owners won’t notice.
Project Zero, Google’s internal team of cyber security experts and analysts, is described in a blog post 18 different potential exploits in some phones that use Samsung Exynos modems. Exploits are so dangerous that they should be treated as zero-day vulnerabilities (which means they must be fixed immediately). With four of these vulnerabilities, the attacker would have to have just the right phone number to access the data flowing in and out of the device’s modem, such as phone calls and text messages.
The other 14 vulnerabilities are less of a concern, because they require more effort to uncover their vulnerabilities — attackers would need to gain access to the device locally or to cellular carrier systems, like TechCrunch says. male.
Owners of affected devices should install upcoming security updates as soon as possible, though it’s up to phone makers to decide when to release a software patch for each device. Meanwhile, Google says device owners can avoid being targeted with these vulnerabilities by turning off Wi-Fi calling and Voice-over-LTE, or VoLTE, in their device’s settings.
In the blog post, Google listed phones that use Exynos modems — inadvertently acknowledging that premium Pixel phones have been using Samsung modems for years. The list also includes a few wearables and cars that use specific modems.
Phones from Samsung, including those in the premium Galaxy S22 series, the mid-range M33, M13, M12, A71, and A53 series, and the more affordable A33, A21, A13, A12, and A04 series. and Google’s S15, S6, X70, X60, and X30 series premium Pixel 6 and Pixel 7 devices (at least one of the four most serious vulnerabilities fixed in the March security update). W920 Chipset Any vehicles using Exynos Auto T5123 chipset.
The blog reported that Google reported these exploit discoveries to affected phone manufacturers in late 2022 and early 2023. But the Project Zero team chose not to disclose four more vulnerabilities out of caution because of their continued severity, going beyond its usual practice of disclosing all exploits for a period of time. specific after informing the affected companies.
Samsung did not immediately respond to a request for comment.
ليست هناك تعليقات:
إرسال تعليق