Millions of Android users have been urged to turn off two dangerous settings NOW as Google issues a ‘severe’ warning
GOOGLE has warned Android users about a series of “serious” cyber bugs that can give hackers access to their phones.
However, only a select few Android devices are affected.
According to Google’s Project Zero team, which is dedicated to security research, the vulnerabilities affect both phones and cars.
These include Google’s Pixel 6 and Pixel 7 devices, and Samsung’s S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12, and A04 devices.
Vivo mobile devices are affected, including the S16, S15, S6, X70, X60 and X30 series.
All vehicles using an Exynos Auto T5123 chipset are also at risk.
The affected devices use one of the Samsung modems, and many S22 phones sold outside of Europe and some African countries have a Qualcomm modem instead – and should therefore be safe.
Owners of these devices were asked to turn off two features in their settings: Wi-Fi calling and Voice over LTE.
This can help lock out hackers while Samsung’s cyber workers work on a fix to the error.
Members of Google’s Project Zero team found the four “severe” vulnerabilities along with 14 others.
The four worst cyber vulnerabilities allow hackers to access the devices using phone number alone and without user interaction, also known as “Internet-to-Baseband Remote Code Execution”.
While the fourteen other vulnerabilities are less severe as they require either a malicious mobile network operator or an attacker with local access to the device.
Luckily for Pixel owners, their devices have already received a fix security update.
But others with affected devices need to protect themselves by tweaking these two features: disabling Wi-Fi calling and Voice over LTE in Settings.
“As always, we encourage end users to update their devices as soon as possible to ensure they are running the latest builds that address both disclosed and undisclosed security vulnerabilities,” the team wrote.
Google is usually keen on sending notifications to Android users – with one exception.
“In a few rare cases where we determined that attackers would benefit significantly more than defenders if a vulnerability were disclosed, we made an exception to our policy and delayed disclosure of that vulnerability,” the team explained.
“Due to a very rare combination of the level of access these vulnerabilities offer and the speed with which we believe a reliable operational exploit could be created, we decided to make a policy exception to limit disclosure for the four vulnerabilities to delay the Internet to enable baseband remote code execution.”
This means that Google has 90 days to make bugs public if they don’t fix them.
According to Google, only four of the 14 less serious vulnerabilities for which Samsung is responsible have not yet been patched.
A Samsung spokesman said: “Samsung takes the security of our customers very seriously.
“After determining that six vulnerabilities could potentially impact select Galaxy devices, none of which were ‘severe’, Samsung released security patches for five of them in March.
“Another security patch will be released in April to fix the remaining vulnerability.
“As always, we encourage all users to keep their devices updated with the latest software to ensure the highest level of protection.”
The best tips and hacks for phones and gadgets
Looking for tips and hacks for your phone? Want to find these secret features in social media apps? We’ve got you covered…
Get the latest news about WhatsApp, Instagram, Facebook and other tech gadgets here.
We pay for your stories! Do you have a story for The Sun Online Tech & Science Team? Email us at firstname.lastname@example.org
https://www.thesun.ie/tech/10400736/android-switch-off-two-dangerous-settings-google-alert/ Millions of Android users have been urged to turn off two dangerous settings NOW as Google issues a ‘severe’ warning