From CNET: Google is warning owners of some Samsung, Vivo and Pixel phones that a series of exploits enable bad actors to compromise devices simply by knowing phone numbers -- and the device owners wouldn't notice a thing.
Project Zero, Google's in-house team of cybersecurity experts and analysts, described in a blog post 18 different potential exploits in some phones using Samsung's Exynos modems. These exploits are so severe that they should be treated as zero-day vulnerabilities (indicating they should be fixed immediately). With four of these exploits, an attacker has to have only the right phone number to get access to data flowing in and out of a device's modem, like phone calls and text messages.
The other 14 exploits are less worrisome, since they require more effort to expose their vulnerability -- attackers would need access to the device locally or to a cell carrier's systems, as TechCrunch noted.
Owners of affected devices should install upcoming security updates as soon as possible, though it's up to the phone makers to decide when a software patch will come out for each device. In the meantime, Google says device owners can avoid being targeted by these exploits by turning off Wi-Fi calling and Voice-over-LTE, or VoLTE, in their device settings.
View: Full Article