Millions of Android users told to switch off two dangerous settings NOW as Google issues ‘severe’ alert
GOOGLE has warned Android users over a string of "severe" cyber flaws that can give hackers access to their phones.
However, only a select few Android devices are impacted.
The vulnerabilities impact phones as well as cars, according to Google's Project Zero team, which is dedicated to security research.
This includes the Pixel 6 and Pixel 7 devices from Google and Samsung's S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 devices.
Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series, are affected.
Any vehicles that use an Exynos Auto T5123 chipset are also at risk.
READ MORE ON GOOGLE
The devices that are impacted to use one of Samsung's modems, and many S22 phones sold outside of Europe and some African countries have a Qualcomm modem instead - and, therefore, should be safe.
Owners of these devices have been urged to turn off two features in their Settings: Wi-Fi calling and Voice-over-LTE.
This can help lock out hackers while Samsung's cyber staff work on a fix for the flaw.
Members of Google's Project Zero team found the four "severe" vulnerabilities alongside 14 others.
Most read in Tech
The four worst cyber flaws give hackers access to the devices through the phone number alone and without any user interaction, also known as "Internet-to-baseband remote code execution".
While the fourteen other vulnerabilities are less severe because they require either a malicious mobile network operator or an attacker with local access to the device.
Luckily for Pixel owners, their devices have already received a fix security update.
But others with affected devices must protect themselves by tweaking these two features: turning off Wi-Fi calling and Voice-over-LTE in Settings.
"As always, we encourage end users to update their devices as soon as possible, to ensure that they are running the latest builds that fix both disclosed and undisclosed security vulnerabilities," the team wrote.
Google are usually hot on sending alerts out to Android users - with one exception.
"In some rare cases where we have assessed attackers would benefit significantly more than defenders if a vulnerability was disclosed, we have made an exception to our policy and delayed disclosure of that vulnerability," the team explained.
"Due to a very rare combination of level of access these vulnerabilities provide and the speed with which we believe a reliable operational exploit could be crafted, we have decided to make a policy exception to delay disclosure for the four vulnerabilities that allow for Internet-to-baseband remote code execution."
This means Google has 90days to publicly disclose flaws if they remain unfixed.
There are just four of the 14 less severe vulnerabilities that haven't been patched yet according to Google, which Samsung is responsible for.
A spokesperson for Samsung said: "Samsung takes the safety of our customers very seriously.
"After determining six vulnerabilities may potentially impact select Galaxy devices, of which none were 'severe', Samsung released security patches for five of these in March.
READ MORE SUN STORIES
"Another security patch will be released in April to address the remaining vulnerability.
"As always, we recommend that all users keep their devices updated with the latest software to ensure the highest level of protection possible."
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered...
- How to delete your Instagram account
- What does pending mean on Snapchat?
- How to check if you've been blocked on WhatsApp
- How to drop a pin on Google Maps
- How can I change my Facebook password?
- How to go live on TikTok
- How to clear the cache on an iPhone
- What is NFT art?
- What is OnlyFans?
- What does Meta mean?
Get all the latest WhatsApp, Instagram, Facebook and other tech gadget stories here.
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]