Close

What are you looking for?

cancel
Showing results for 
Search instead for 
Did you mean: 

Original topic:

Millions of smartphone users at risk of serious security flaw

(Topic created on: 24-08-2023 08:47 PM)
716 Views
GMEDIA
Pioneer
Options

Millions of smartphone users at risk of serious security flaw if they don't turn off




How to turn off Wi-Fi calling

  • • Press the phone icon.
  • • Press the menu icon.
  • • Press Settings.
  • • Press the indicator next to "WiFi Calling" to turn the function on or off.
  • • Press the Home key to return to the home screen.
Which phones are affected?

  • Mobile devices from Samsung: S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series
  • Mobile devices from Vivo: S16, S15, S6, X70, X60 and X30 series
  • Mobile devices from Google: Pixel 6 and Pixel 7 series
  • Any wearables that use the Exynos W920 chipset
  • Any vehicles that use the Exynos Auto T5123 chipset

Google warns users about 18 vulnerabilities in Samsung Exynos chipsets: Here’s the list of affected devices

 

Google security teams have found 18 vulnerabilities in Samsung Exynos chips used in leading Android smartphones and wearables. According to the security team, these exploits put the devices at risk of a security breach. 

Google security team's comments on dangerous vulnerabilities

According to Google's Project Zero Head, Tim Wills, the four most dangerous vulnerabilities 'allow for internet-to-baseband remote code execution'. The tests run by Google security teams confirmed that the four vulnerabilities could allow an attacker to remotely compromise a phone at the baseband level without user interaction. They only require a victim's phone number to do so. Google security researchers commented on the vulnerabilties found in the Samsung devices. They said, "We believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely."

"Until security updates are available, users who wish to protect themselves from the baseband remote code execution vulnerabilities in Samsung's Exynos chipsets can turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings," said Willis. If users turn off these settings, it will remove the exploitation risk of these vulnerabilities, he added.

List of affected devices by vulnerabilities in Samsung devices

The affected mobile devices are from Samsung, Vivo, and Google (Pixel 6 and Pixel 7 series). Furthermore, any wearables with the Exynos W920 chipset and vehicles with the Exynos Auto T5123 chipset are among the 'devices at risk'. Google's affected pixel devices have received a fix. However, the patch timelines for other brands will vary per manufacturer.

"As always, we encourage end users to update their devices as soon as possible, to ensure that they are running the latest builds that fix both disclosed and undisclosed security vulnerabilities," said Google.

Based on the list of affected chipsets provided by Samsung, the list of affected devices includes but is likely not limited to:

  • Mobile devices from Samsung, including those in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series;
  • Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series;
  • The Pixel 6 and Pixel 7 series of devices from Google;
  • Any wearables that use the Exynos W920 chipset; and
  • Any vehicles that use the Exynos Auto T5123 chipset 
0 Likes
7 REPLIES 7
keith30
Maestro
Options
Nothing new, been known for a while now and Samsung been dragging it's heels over a fix to effect devices. Google mentioned about this months ago and warned Samsung of the issue.
SocietyGirl
Community Manager
Options

Samsung takes the safety of our customers very seriously. After determining 6 vulnerabilities may potentially impact select Galaxy devices, of which none were 'severe', Samsung released security patches for 5 of these in March. Another security patch will be released in April to address the remaining vulnerability.

As always, we recommend that all users keep their devices updated with the latest software to ensure the highest level of protection possible.


Say hi to us on socials -  @SamsungUK


Badger42
Helping Hand
Options
Do we need to keep WiFi calling and VoLTE disabled until the remaining vulnerability has been fixed?
0 Likes
GMEDIA
Pioneer
Options
This is new security flaws 3days now.
While Pixel 6 and 7 handsets have already received a fix as part of March 2023 security updates, patches for other devices are expected to vary depending on the manufacturer's timeline.

Until then, users are recommended to switch off Wi-Fi calling and Voice over LTE (VoLTE) in their device settings to "remove the exploitation risk of these vulnerabilities."

johnoswestry
Navigator
Options
Great when you don't have mobile reception
danx55
Voyager
Options
hi guys... has this bug been fixed now? ... I've just had to enable wifi calling as have bad signal 😕
0 Likes
danx55
Voyager
Options
ah ok .. seems like it was fixed in march... and I've got a s21fe 5g ... so that is snap dragon
0 Likes