Check this list - Phones vulnerable to a new no-click hack
Researchers recently discovered that certain mobile phones suffer from a severe flaw where no user interaction is required to be hacked. These are called no-click hacks, and often the criminal only needs to know the target’s phone number.
Read on to see how these attacks work and what you can do to stay safe.
Android phones with dangerous zero-day flaws
Google’s Project Zero is an initiative from the tech giant to hunt down zero-day flaws in the Android operating system, Chrome and other apps. A zero-day vulnerability is one that’s previously unknown to security teams that work with the impacted software.
Project Zero recently disclosed it found 18 zero-day vulnerabilities in Exynos Modems produced by Samsung. Of the lot, four vulnerabilities are rated severe and used for internet-to-baseband remote code execution.
Project Zero confirms that “those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker knows the victim’s phone number.”
Here are the mobile phones and other tech that potentially suffer from the flaw:
- Samsung S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series.
- Vivo S16, S15, S6, X70, X60 and X30 series.
- Google Pixel 6 and Pixel 7 series.
- Any wearables that use the Exynos W920 chipset.
- Any vehicles that use the Exynos Auto T5123 chipset.
NOTE: Some phones on the list are sold in Europe with a Qualcomm chipset and modem rather than Exynos.
How to protect against this vulnerability
While there isn’t an official fix, there is a setting you can turn off that prevents the exploitation of the vulnerability. Project Zero suggests turning off Wi-Fi calling and Voice-over-LTE (VoLTE) to “remove the exploitation risk.”
However, if you own a Google Pixel phone, you must update it to the latest version, released earlier this month. The update includes a patch for this problem.
Researcher paid $60K for finding Facebook bug that let hackers spy on you
Software companies aren’t the only ones discovering bugs in their products. Security researchers often poke holes in well-known systems to find weaknesses, and when they do, they can sometimes profit handsomely.
That’s what being a bug bounty hunter is all about, and it’s a career that can pay off if you know what you’re doing. Tap or click here to see how much Apple will pay you to hack an iPhone.
Use Chrome for Android? Update now to patch zero-day flaw
Chrome is the most popular browser on the web by a huge margin, so it should come as no surprise that hackers are trying to crack it again.
They’re relying on a zero-day flaw found in the desktop and Android versions of Chrome this time. This comes just days after Google’s Project Zero team discovered a critical flaw in the browser’s sandbox mode. Tap or click here to see how to patch that bug.
Hackers exploiting new Windows vulnerability - Is your system at risk?
The biggest tech companies may be rivals, but that doesn’t mean they won’t help each other out once in a while. Project Zero, a group of bug-hunters working for Google, find dangerous security flaws for other companies all the time.