Google tells users of some Android phones: Nuke voice calling to avoid infection

By Staff
March 18, 2023


[Image: the Samsung Galaxy S21, which runs with an Exynos chipset. Credit: Samsung]

Google is urging owners of certain Android phones to take urgent action to protect themselves from critical vulnerabilities that give skilled hackers the ability to surreptitiously compromise their devices by making a specially crafted call to their number.  It’s not clear if all actions urged are even possible, however, and even if they are, the measures will neuter devices of most voice-calling capabilities.

The vulnerability affects Android devices that use the Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5123 chipsets made by Samsung’s semiconductor division. Vulnerable devices include the Pixel 6 and 7, international versions of the Samsung Galaxy S22, various mid-range Samsung phones, the Galaxy Watch 4 and 5, and cars with the Exynos Auto T5123 chip. These devices are ONLY vulnerable if they run the Exynos chipset, which includes the baseband that processes signals for voice calls. The US version of the Galaxy S22 runs a Qualcomm Snapdragon chip.

A bug tracked as CVE-2023-24033 and three others that have yet to receive a CVE designation make it possible for hackers to execute malicious code, Google’s Project Zero vulnerability team reported on Thursday. Code-execution bugs in the baseband can be especially critical because the chips are endowed with root-level system privileges to ensure voice calls work reliably.

“Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number,” Project Zero’s Tim Willis wrote. “With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.”

Earlier this month, Google released a patch for vulnerable Pixel 7 models, but fixes for Pixel 6 models have yet to be delivered to many, if not all, users (the Project Zero post incorrectly states otherwise). Samsung has released an update patching CVE-2023-24033, but it has not yet been delivered to end users. There’s no indication Samsung has issued patches for the other three critical vulnerabilities. Until vulnerable devices are patched, they remain vulnerable to attacks that give access at the deepest level possible.

The threat prompted Willis to put this advice at the very top of Thursday’s post:

Until security updates are available, users who wish to protect themselves from the baseband remote code execution vulnerabilities in Samsung’s Exynos chipsets can turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings. Turning off these settings will remove the exploitation risk of these vulnerabilities.

The problem is, it’s not entirely clear that it’s possible to turn off VoLTE, at least on many models. A screenshot one S22 user posted to Reddit last year shows that the option to turn off VoLTE is grayed out. While that user’s S22 was running a Snapdragon chip, the experience for users of Exynos-based phones is likely the same.

And even if it is possible to turn off VoLTE, doing so in conjunction with turning off Wi-Fi turns phones into little more than tiny tablets running Android. VoLTE came into widespread use a few years ago, and since then most carriers in North America have stopped supporting older 3G and 2G frequencies.

Samsung representatives said in an email that the company in March released security patches for five of six vulnerabilities that “may potentially impact select Galaxy devices” and will patch the sixth flaw next month. The email didn’t answer questions asking if any of the patches are available to end users now or whether it’s possible to turn off VoLTE. The email also failed to make clear that patches have yet to be delivered to end users.

A Google representative, meanwhile, declined to provide the specific steps for carrying out the advice in the Project Zero writeup. That means Pixel 6 users have no actionable mitigation steps while they wait for an update for their devices. Readers who figure out a way are invited to explain the process (with screenshots, if possible) in the comments section.

Because of the severity of the bugs and the ease of exploitation by skilled hackers, Thursday’s post omitted technical details. In its product security update page, Samsung described CVE-2023-24033 as a “memory corruption when processing SDP attribute accept-type.”

“The baseband software does not properly check the format types of accept-type attribute specified by the SDP, which can lead to a denial of service or code execution in Samsung Baseband Modem,” the advisory added. “Users can disable WiFi calling and VoLTE to mitigate the impact of this vulnerability.”

Short for the Session Description Protocol, SDP is a mechanism for establishing a multimedia session between two entities. Its main use is supporting streaming VoIP calls and video conferencing. SDP uses an offer/answer model in which one party advertises a description of a session and the other party answers with the desired parameters.
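The kind of format check the advisory says was missing can be sketched as follows. This is an added example, not Samsung's baseband code or anything from the Project Zero post: it assumes the attribute in question is the `a=accept-types:` line defined in RFC 4975, and the function names and size limits are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define MAX_FORMATS 8      /* assumed limit for this sketch */
#define MAX_FORMAT_LEN 64  /* assumed limit, including the NUL */

typedef struct {
    size_t count;
    char fmt[MAX_FORMATS][MAX_FORMAT_LEN];
} accept_types;

/* Printable ASCII minus the separators that RFC 4566 excludes from a token. */
static int is_token_char(unsigned char c) {
    return c > 0x20 && c < 0x7f && strchr("\"(),/:;<=>?@[\\]", c) == NULL;
}

/* An entry is "*" or token "/" token, with both halves non-empty. */
static int valid_entry(const char *s, size_t n) {
    size_t slash = 0, nslash = 0;
    if (n == 1 && s[0] == '*') return 1;
    for (size_t i = 0; i < n; i++) {
        if (s[i] == '/') { slash = i; nslash++; }
        else if (!is_token_char((unsigned char)s[i])) return 0;
    }
    return nslash == 1 && slash > 0 && slash < n - 1;
}

/* Returns 0 on success, -1 if the line is rejected; nothing is copied
 * until the entry's length and format have both been checked. */
int parse_accept_types(const char *line, size_t len, accept_types *out) {
    static const char prefix[] = "a=accept-types:";
    size_t plen = sizeof prefix - 1, i = plen;
    out->count = 0;
    if (len <= plen || memcmp(line, prefix, plen) != 0) return -1;
    while (i < len) {
        size_t start = i;
        while (i < len && line[i] != ' ') i++;
        size_t n = i - start;
        if (n == 0 || n >= MAX_FORMAT_LEN) return -1;  /* empty or oversized */
        if (out->count == MAX_FORMATS) return -1;      /* too many entries */
        if (!valid_entry(line + start, n)) return -1;  /* malformed type */
        memcpy(out->fmt[out->count], line + start, n);
        out->fmt[out->count][n] = '\0';
        out->count++;
        if (i < len && ++i == len) return -1;          /* trailing space */
    }
    return 0;
}
```

The parser rejects the whole attribute on the first malformed, oversized or surplus entry rather than truncating, so a peer-supplied session description never reaches fixed-size storage unchecked.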

The threat is serious, but once again, it applies only to people using an Exynos version of one of the affected models.

Until Samsung or Google says more, users of devices that remain vulnerable should (1) install all available security updates with a close eye out for one patching CVE-2023-24033, (2) turn off Wi-Fi calling, and (3) explore the settings menu of their specific model to see if it’s possible to turn off VoLTE. This post will be updated if either company responds with more useful information.

Post updated to correct the definition of SDP.




