wtogami on Nostr: According to Google Project Zero they discovered 0-day "Internet-to-baseband remote ...
According to Google Project Zero they discovered 0-day "Internet-to-baseband remote code execution" affecting many millions of Samsung and Pixel 6+ modems.
Read it for yourself. It sounds very bad. If you have an affected phone you may want to turn off your SIM card because the recommended "turn off VoLTE and WiFi calling" is impossible for many of these phones after they removed the VoLTE option back in 2021.
Only thing you can do is turn it off and put pressure on the vendors to fix it.
https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html
The writer claims it's already patched by Google in the March 2023 patch level. Unfortunately that patch had been withheld from Pixel 6* due to bugs so the blog is incorrect about this already being fixed for Pixel owners.
It sounds like Samsung has a much bigger mess due to the wider variety of phones, firmwares, and providers for which they must now rush an update without breaking it. Not an easy task but they must do it.
Don't blame Google for releasing this advisory. Samsung had months to respond in a timely manner.
Do blame Google for failing to protect their own customers prior to their own advisory. I like Pixel and I want them to do better.
Read it for yourself. It sounds very bad. If you have an affected phone you may want to turn off your SIM card because the recommended "turn off VoLTE and WiFi calling" is impossible for many of these phones after they removed the VoLTE option back in 2021.
Only thing you can do is turn it off and put pressure on the vendors to fix it.
https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html
The writer claims it's already patched by Google in the March 2023 patch level. Unfortunately that patch had been withheld from Pixel 6* due to bugs so the blog is incorrect about this already being fixed for Pixel owners.
It sounds like Samsung has a much bigger mess due to the wider variety of phones, firmwares, and providers for which they must now rush an update without breaking it. Not an easy task but they must do it.
Don't blame Google for releasing this advisory. Samsung had months to respond in a timely manner.
Do blame Google for failing to protect their own customers prior to their own advisory. I like Pixel and I want them to do better.