Critical Android Bug Prompts Samsung Users to Update Devices
Samsung users have been warned to update their devices or risk being hacked due to a critical flaw in the Android operating system. Google, the owner and developer of this software, has just released a patch to fix a number of vulnerabilities, one of which has been rated as ‘critical’. If exploited, this bug could allow cyber criminals to gain remote access to devices and install malware.
Google Project Zero revealed 18 potential zero-day vulnerabilities in some phones using Samsung's Exynos modems. Of those, four allow hackers to remotely compromise the user's phone by just knowing their phone number. Google claims that experienced attackers would be able to “quickly create an operational exploit to compromise affected devices silently and remotely.”
Samsung Semiconductor has published an advisory containing a list of Exynos chipsets which are vulnerable to these issues. On the basis of information obtained from public sources, the following devices are likely to be affected: Samsung S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series; any wearables that use the Exynos W920 chipset; and any vehicles that use the Exynos Auto T5123 chipset.
Tim Willis, Head of Project Zero, said, “Due to a very rare combination of the level of access these vulnerabilities provide and the speed with which we believe a reliable operational exploit could be crafted, we have decided to make a policy exception to delay disclosure for the four vulnerabilities that allow for Internet-to-baseband remote code execution.” The remaining 14 vulnerabilities are not considered as severe, as they “require either a malicious mobile network operator or an attacker with local access to the device.”
Google has addressed one of the issues in the March 2023 Patch for its Pixel devices, but patch timelines will vary per manufacturer. Until affected manufacturers push software updates to their customers, Google recommends switching off Wi-Fi calling and Voice over LTE (VoLTE) in their device settings, which will “remove the exploitation risk of these vulnerabilities.”
Samsung has released a major security update that fixes the Android operating system flaw. The update also fixes 39 bugs from Google and another 11 that are specific to Samsung devices.
0. “Google issues ‘red alert’ to billions of Android phones – ignore ‘critical’ warning at your peril…” The Sun, 7 Mar. 2023, https://www.thesun.co.uk/tech/21623764/google-issues-red-alert-billions-android-phones/
1. “All Samsung Galaxy owners urged to download ‘critical' Android update today” The Mirror, 10 Mar. 2023, https://www.mirror.co.uk/tech/samsung-galaxy-android-urgent-update-29420597
2. “Billions of Android owners issued ‘critical’ Google warning – there’s no time to lose so check your phone n…” The US Sun, 10 Mar. 2023, https://www.the-sun.com/tech/7599354/android-phone-update-warning-march-2023-critical/
3. “Google: turn off Wi-Fi Calling and VoLTE in Pixel/Samsung devices affected by major security issues” Ghacks, 17 Mar. 2023, https://www.ghacks.net/2023/03/17/google-turn-off-wi-fi-calling-and-volte-in-pixel-samsung-devices-affected-by-major-security-issues/
4. “Nasty bug allows hackers to take over many Android phones. Here's what you can do.” Mashable, 17 Mar. 2023, https://mashable.com/article/android-phones-exynos-modem-bug
5. “Turn off 2 Pixel and Samsung Galaxy settings to prevent hackers from owning your phone” BGR, 17 Mar. 2023, https://bgr.com/tech/turn-off-2-pixel-and-samsung-galaxy-settings-to-prevent-hackers-from-owning-your-phone/
6. “Google advises Android users to take action after finding 18 zero-day vulnerabilities in popular phones” TechSpot, 17 Mar. 2023, https://www.techspot.com/news/97971-google-advises-android-users-take-action-after-finding.html
7. “Zero-day vulnerabilities in Exynos chipset allow hacking Samsung, Vivo and Pixel phones” Information Security Newspaper, 16 Mar. 2023, https://www.securitynewspaper.com/2023/03/16/zero-day-vulnerabilities-in-exynos-chipset-allow-hacking-samsung-vivo-and-pixel-phones
8. “Google finds 18 baseband zero-day bugs in Samsung Exynos chipsets” BleepingComputer, 16 Mar. 2023, https://www.bleepingcomputer.com/news/security/google-finds-18-baseband-zero-day-bugs-in-samsung-exynos-chipsets/
9. “PSA: Disable Wi-Fi Calling, VoLTE on Pixel & Samsung Phones IMMEDIATELY” WebProNews, 17 Mar. 2023, https://www.webpronews.com/psa-disable-wi-fi-calling-volte-on-pixel-samsung-phones-immediately/
10. “Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips” The Hacker News, 17 Mar. 2023, https://thehackernews.com/2023/03/google-uncovers-18-severe-security.html
11. “Samsung Galaxy owners issued urgent warning to download ‘critical' Android update today” Daily Record, 10 Mar. 2023, https://www.dailyrecord.co.uk/lifestyle/samsung-galaxy-owners-issued-urgent-29421226