How to Check if Your Phone is Affected by the Android Wi-Fi Calling Security Flaw CVE-2023-24033
Why Google is Urging Android Phone users to Switch off Wi-Fi Calling
If you own an Android phone that uses a Samsung Exynos chipset, you might want to pay attention to this. Google has recently discovered multiple security flaws in these chipsets that could allow hackers to take over your phone remotely by just making a call to your number. Sounds scary, right? Well, it is. Here’s what you need to know about this serious threat and how you can protect yourself.
What are the security flaws and how do they work?
The security flaws are located in the baseband of the Exynos chipset, which is responsible for processing voice calls. The baseband is a crucial component of any phone, as it connects it to the cellular network and enables communication. However, it also has privileged access to the phone’s hardware and software, which makes it a tempting target for hackers.
Google’s Project Zero team, which specializes in finding and reporting zero-day vulnerabilities (i.e., flaws that are unknown to the vendor and have no patch available), has identified four such flaws in Samsung’s Exynos chipsets between late 2022 and early 2023. One of them has been assigned a CVE identifier (CVE-2023-24033), while the other three are still unnamed.
According to Project Zero’s Tim Willis, these four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number. The attacker can then execute malicious code on the phone, access its data, spy on its activities, or even brick it.
The attack works by exploiting a weakness in how the baseband handles Wi-Fi calling and Voice-over-LTE (VoLTE) protocols. These protocols allow users to make high-quality voice calls over Wi-Fi or 4G networks instead of using traditional cellular signals. However, they also introduce new attack vectors for hackers who can craft specially designed calls that trigger buffer overflows or memory corruption errors in the baseband firmware.
Which Devices are Affected and How can you Check?
The vulnerability affects only those devices that use Samsung’s Exynos chipsets made by its semiconductor division. This means that some of the most popular Android phones on the market are at risk, including:
- Samsung Galaxy phones including the international version of the S22
- Pixel 6 and 7, including pro models
- Any automobiles that rely on the Exynos Auto T5123 chipset
- Galaxy Watch 4 and 5
- Wearable devices that contain the Exynos W920 based motherboard
To check if your device uses an Exynos chipset, you can use an app like CPU-Z or Device Info HW from Google Play Store. Alternatively, you can look up your device model online and see what kind of processor it has.
Note that not all Samsung devices use Exynos chipsets. For example, the US version of Samsung Galaxy S22 uses a Qualcomm Snapdragon chipset instead, which is not affected by this vulnerability.
How can you protect yourself until a patch is available?
Google has already released a patch for vulnerable Pixel models earlier this month. Samsung has also developed a patch for CVE-2023-24033 (the most critical flaw), but it has not yet delivered it to end users. There is no word on when patches for the other three flaws will be ready or distributed.
Until then, Google advises users who wish to protect themselves from these baseband remote code execution vulnerabilities to turn off Wi-Fi calling and VoLTE in their device settings. Turning off these settings will remove the exploitation risk of these vulnerabilities but will also reduce your device’s calling capabilities.
However, some users have reported that they cannot turn off VoLTE on their devices because there is no option available in their settings. This could be due to carrier restrictions or firmware limitations. In that case, there is not much you can do except wait for an update from Samsung or your carrier.
Another possible mitigation strategy is to use a VPN service when connecting to public Wi-Fi networks or untrusted cellular networks. A VPN encrypts your internet traffic and prevents hackers from intercepting or tampering with it. However, this may not be enough to stop sophisticated attackers who can bypass VPNs or target other parts of your device.
Explore Related Articles
Is Housing Recession Beginning a Sign Mass Layoffs are Next?
In America the Housing market can sometimes be the first sign of a larger scale economic disaster on the horizon. When economic collapse slowly happens the people who suffer the most are the average middle class Americans who are basically living from check to check. Based on the what...
Here’s How Supreme Court Blocking Joe Biden’s Vaccine Mandate for Large...
When Joe Biden announced his vaccine mandate for businesses with 100 or more employees last year, it was move seen by many as tyrannical. At the time it seemed like Joe Biden felt he was as dictator who could force people to put something inside their bodies. When many...
Why are Billionaires Building Underground Bunkers in 2023? Meek Mill Fuels...
The rapper Meek Mill is known for his outspoken views on social media, but his latest tweet has sparked a wave of speculation and controversy among his fans and followers. Meek Mill reacted to the news that Mark Zuckerberg, the founder of Meta (formerly Facebook), is reportedly building a...