Critical Android Bug Prompts Samsung Users to Update Devices

Samsung users have been warned to update their devices or risk being hacked due to a critical flaw in the Android operating system.[0] Google, the owner and developer of this software, has just released a patch to fix a number of vulnerabilities, one of which has been rated as ‘critical’.[1] If exploited, this bug could allow cyber criminals to gain remote access to devices and install malware.[2]

Google Project Zero revealed 18 potential zero-day vulnerabilities in some phones using Samsung's Exynos modems.[3] Of those, four allow hackers to remotely compromise the user's phone by just knowing their phone number.[4] Google claims that experienced attackers would be able to “quickly create an operational exploit to compromise affected devices silently and remotely.”[5]

Samsung Semiconductor has published an advisory containing a list of Exynos chipsets which are vulnerable to these issues.[6] On the basis of information obtained from public sources, the following devices are likely to be affected: Samsung S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series; any wearables that use the Exynos W920 chipset; and any vehicles that use the Exynos Auto T5123 chipset.[7]

Tim Willis, Head of Project Zero, said, “Due to a very rare combination of the level of access these vulnerabilities provide and the speed with which we believe a reliable operational exploit could be crafted, we have decided to make a policy exception to delay disclosure for the four vulnerabilities that allow for Internet-to-baseband remote code execution.”[8] The remaining 14 vulnerabilities are not considered as severe, as they “require either a malicious mobile network operator or an attacker with local access to the device.”[9]

Google has addressed one of the issues in the March 2023 Patch for its Pixel devices, but patch timelines will vary per manufacturer.[3] Until affected manufacturers push software updates to their customers, Google recommends switching off Wi-Fi calling and Voice over LTE (VoLTE) in their device settings, which will “remove the exploitation risk of these vulnerabilities.”[10]

Samsung has released a major security update that fixes the Android operating system flaw. The update also fixes 39 bugs from Google and another 11 that are specific to Samsung devices.[11]

0. “Google issues ‘red alert’ to billions of Android phones – ignore ‘critical’ warning at your peril…” The Sun, 7 Mar. 2023, https://www.thesun.co.uk/tech/21623764/google-issues-red-alert-billions-android-phones/

1. “All Samsung Galaxy owners urged to download ‘critical' Android update today” The Mirror, 10 Mar. 2023, https://www.mirror.co.uk/tech/samsung-galaxy-android-urgent-update-29420597

2. “Billions of Android owners issued ‘critical’ Google warning – there’s no time to lose so check your phone n…” The US Sun, 10 Mar. 2023, https://www.the-sun.com/tech/7599354/android-phone-update-warning-march-2023-critical/

3. “Google: turn off Wi-Fi Calling and VoLTE in Pixel/Samsung devices affected by major security issues” Ghacks, 17 Mar. 2023, https://www.ghacks.net/2023/03/17/google-turn-off-wi-fi-calling-and-volte-in-pixel-samsung-devices-affected-by-major-security-issues/

4. “Nasty bug allows hackers to take over many Android phones. Here's what you can do.” Mashable, 17 Mar. 2023, https://mashable.com/article/android-phones-exynos-modem-bug

5. “Turn off 2 Pixel and Samsung Galaxy settings to prevent hackers from owning your phone” BGR, 17 Mar. 2023, https://bgr.com/tech/turn-off-2-pixel-and-samsung-galaxy-settings-to-prevent-hackers-from-owning-your-phone/

6. “Google advises Android users to take action after finding 18 zero-day vulnerabilities in popular phones” TechSpot, 17 Mar. 2023, https://www.techspot.com/news/97971-google-advises-android-users-take-action-after-finding.html

7. “Zero-day vulnerabilities in Exynos chipset allow hacking Samsung, Vivo and Pixel phones” Information Security Newspaper, 16 Mar. 2023, https://www.securitynewspaper.com/2023/03/16/zero-day-vulnerabilities-in-exynos-chipset-allow-hacking-samsung-vivo-and-pixel-phones

8. “Google finds 18 baseband zero-day bugs in Samsung Exynos chipsets” BleepingComputer, 16 Mar. 2023, https://www.bleepingcomputer.com/news/security/google-finds-18-baseband-zero-day-bugs-in-samsung-exynos-chipsets/

9. “PSA: Disable Wi-Fi Calling, VoLTE on Pixel & Samsung Phones IMMEDIATELY” WebProNews, 17 Mar. 2023, https://www.webpronews.com/psa-disable-wi-fi-calling-volte-on-pixel-samsung-phones-immediately/

10. “Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips” The Hacker News, 17 Mar. 2023, https://thehackernews.com/2023/03/google-uncovers-18-severe-security.html

11. “Samsung Galaxy owners issued urgent warning to download ‘critical' Android update today” Daily Record, 10 Mar. 2023, https://www.dailyrecord.co.uk/lifestyle/samsung-galaxy-owners-issued-urgent-29421226

Click Here to Leave a Comment Below 0 comments