Google’s Project Zero, a well-known group of security researchers, recently issued a warning to Android phone users regarding the use of Wi-Fi calling.
The team confirmed that Samsung’s Exynos chipsets contain multiple vulnerabilities that enable “internet-to-baseband remote code execution,” which means hackers could potentially take remote control of certain Android phones.
Google’s Project Zero Warns of Android Vulnerabilities
The Google Project Zero team found multiple flaws in Samsung Exynos chipsets. Four of them could let hackers remotely compromise certain Android devices using only their phone numbers.
A Google team confirmed it had found multiple vulnerabilities in Exynos chipsets, made by Samsung. Of those, four can allow “Internet-to-baseband remote code execution,” giving hackers the ability to remotely compromise certain Android phones.https://t.co/PaCyBUWFzj
— WMBD News (@WMBDNews) March 22, 2023
These software flaws, known as zero-day vulnerabilities, have not yet been protected by a patch.
If left unchecked, skilled attackers could rapidly develop an operational exploit to compromise affected devices without being detected. Samsung has only released updates for a subset of the affected devices, leaving users vulnerable.
The remaining fourteen vulnerabilities discovered by Project Zero were deemed to be less severe. However, it is imperative to remain vigilant and take the necessary precautions to protect your devices from such attacks.
Protecting Your Android Phone from Potential Attacks
While Google’s Smartphones already have received a fix for the vulnerabilities, Samsung has only issued a patch for a portion of the vulnerabilities.
Affected devices may also include automobiles with an Exynos Auto T5123 chipset. Google advises Android users who have not recently updated their phones to disable Wi-Fi calling and Voice-over-LTE in the interim (VoLTE).
If you have an Android phone, you may want to stop using Wi-Fi calling, a team of security experts with Google warns. https://t.co/BDTxF8gXEo
— ABC4 News (@abc4utah) March 23, 2023
Wi-Fi calling and VoLTE are features that enable users to make calls and send text messages even when they are not connected to cellular service, by utilizing Wi-Fi networks or the LTE network instead.
By deactivating these features, users can prevent potential hackers from exploiting these vulnerabilities.
The Project Zero team recommends that users update their phones as soon as new patches and software are released to prevent potential attacks.