News Devices

Share:

Share via email - Check this list - Phones vulnerable to a new no-click hack Share on Facebook - Check this list - Phones vulnerable to a new no-click hack Share on LinkedIn - Check this list - Phones vulnerable to a new no-click hack Share on X - Check this list - Phones vulnerable to a new no-click hack

Check this list – Phones vulnerable to a new no-click hack

Android no-click flaw
© Daniel Chetroni | Dreamstime.com

Researchers recently discovered that certain mobile phones suffer from a severe flaw where no user interaction is required to be hacked. These are called no-click hacks, and often the criminal only needs to know the target’s phone number.

Read on to see how these attacks work and what you can do to stay safe.

Android phones with dangerous zero-day flaws

Google’s Project Zero is an initiative from the tech giant to hunt down zero-day flaws in the Android operating system, Chrome and other apps. A zero-day vulnerability is one that’s previously unknown to security teams that work with the impacted software. 

Project Zero recently disclosed it found 18 zero-day vulnerabilities in Exynos Modems produced by Samsung. Of the lot, four vulnerabilities are rated severe and used for internet-to-baseband remote code execution.

Project Zero confirms that “those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker knows the victim’s phone number.”

Here are the mobile phones and other tech that potentially suffer from the flaw:

  • Samsung S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series.
  • Vivo S16, S15, S6, X70, X60 and X30 series.
  • Google Pixel 6 and Pixel 7 series.
  • Any wearables that use the Exynos W920 chipset.
  • Any vehicles that use the Exynos Auto T5123 chipset.

NOTE: Some phones on the list are sold in Europe with a Qualcomm chipset and modem rather than Exynos.

How to protect against this vulnerability

While there isn’t an official fix, there is a setting you can turn off that prevents the exploitation of the vulnerability. Project Zero suggests turning off Wi-Fi calling and Voice-over-LTE (VoLTE) to “remove the exploitation risk.”

However, if you own a Google Pixel phone, you must update it to the latest version, released earlier this month. The update includes a patch for this problem.

Here’s how to turn off Wi-Fi calling on your Android device:

  • Open the Settings app.
  • Tap Connections and then tap Wi-Fi Calling.
  • Toggle the switch to turn the feature off.

On some models, you can swipe down from the top of the screen and tap the Wi-Fi Calling icon to turn it off.

Keep reading

Here’s what Samsung knows about you – and how to delete it

Don’t want to use Google Pay? Samsung has its own digital wallet app

Tags: Android, Google Pixel, mobile phones, operating system, Project Zero, remote code execution, Samsung, security, vulnerabilities, wearables, zero-day flaws

Share:

Share via email - Check this list - Phones vulnerable to a new no-click hack Share on Facebook - Check this list - Phones vulnerable to a new no-click hack Share on LinkedIn - Check this list - Phones vulnerable to a new no-click hack Share on X - Check this list - Phones vulnerable to a new no-click hack