Android phones can be hacked just by someone knowing your phone number • Graham Cluley
Well, this isn’t good.
Google has issued a warning that some Android phones can be hacked remotely, without the intended victim having to click on anything.
If an attack is successful, the hacker could access data going through the Samsung Exynos chipsets used in many devices, scooping up call information and text messages.
And what does a hacker need to know about you to target your phone?
Your phone number.
That’s it. All they need to know is your Android device’s phone number.
Frankly, that’s horrific. It’s easy to imagine how such a security problem could be exploited by – oh, I don’t know – state-sponsored hackers.
In all, security boffins working in Google’s Project Zero team say that they’ve uncovered a total of 18 zero-day vulnerabilities in some phones’ built-in Exynos modem – with four of the vulnerabilities being particularly severe:
Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number. With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.
According to the researchers, the other vulnerabilities require either a malicious mobile network operator or an attacker with physical access to the Android device.
Vulnerable devices include:
- Samsung smartphones, including those in the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series;
- Vivo smartphones, including those in the S16, S15, S6, X70, X60 and X30 series;
- Google Pixel 6 and Pixel 7 devices; and
- any vehicles that use the Exynos Auto T5123 chipset.
It’s worth noting that some devices will be using the Qualcomm chipset and modem, which doesn’t suffer from the same vulnerabilities as the one from Exynos.
Of course, Google’s Project Zero vulnerability-hunters have no qualms about going into great detail of how security holes can be exploited, and typically share such information publicly 90 days after informing relevant software or hardware vendors of the problem.
In this case, however, Google’s team appears to recognise that public disclosure at this stage might actually cause significant problems:
Under our standard disclosure policy, Project Zero discloses security vulnerabilities to the public a set time after reporting them to a software or hardware vendor. In some rare cases where we’ve assessed attackers would benefit significantly more than defenders if a vulnerability was disclosed, we’ve made an exception to our policy and delayed disclosure of that vulnerability.
Due to a very rare combination of level of access these vulnerabilities provide and the speed with which we believe a reliable operational exploit could be crafted, we’ve decided to make a policy exception to delay disclosure for the four vulnerabilities that allow for Internet-to-baseband remote code execution.
If you have an affected Google Pixel device, there’s good news. Google has already issued a security patch for your smartphone with its March 2023 security update.
However, if you’re the owner of a vulnerable Samsung smartphone, fixes still aren’t available according to at least one Google Project Zero researcher.
End-users still don’t have patches 90 days after report…. https://t.co/dkA9kuzTso
— Maddie Stone (@maddiestone) March 16, 2023
So what should you do if your device hasn’t been patched?
Google’s recommendation is that you change your device’s settings to switch off Wi-Fi calling and Voice over LTE (VoLTE), until a fix for your smartphone is available.