Google and Samsung Phones Have Severe Vulnerabilities (solved)

SpookDroid

Ambassador
Jul 14, 2011
19,378
690
113
Visit site
Well, as the article suggests...
What to do if your phone hasn’t received the update yet
It's important to note that turning off VoLTE and Wi-Fi calling should only be done temporarily until your phone receives the necessary security patch. Once you've applied the update, it's safe to turn these features back on.

The patch was released with the March security update, and your particular device being a mid-tier Samsung phone, so it's not high on their update list. That being said, flagships have already started getting the March update, so it shouldn't take long for it to trickle down to the mid-tier (especially since the OneUI versions are the same).

Additionally, if you have a carrier-branded phone, this may take even longer as the update will not come from Samsung directly, but through your carrier.
 
  • Like
Reactions: Laura Knotek

f23948

Well-known member
Oct 2, 2021
133
9
18
Visit site
Well, as the article suggests...


The patch was released with the March security update, and your particular device being a mid-tier Samsung phone, so it's not high on their update list. That being said, flagships have already started getting the March update, so it shouldn't take long for it to trickle down to the mid-tier (especially since the OneUI versions are the same).

Additionally, if you have a carrier-branded phone, this may take even longer as the update will not come from Samsung directly, but through your carrier.

Turn off my WiFi calling but keep My WiFi on, is that correct?
 

rvbfan

Well-known member
Jan 17, 2015
1,891
1,687
113
Visit site
Or don't pass out your phone #. Maybe don't do your banking on your phone. Don't save passwords on your phone, there really are many things you can do to mitigate this. They can hack my phone, all they'll get is bupkiss.

Sent from my Pixel 6 using Tapatalk
 

f23948

Well-known member
Oct 2, 2021
133
9
18
Visit site
Or don't pass out your phone #. Maybe don't do your banking on your phone. Don't save passwords on your phone, there really are many things you can do to mitigate this. They can hack my phone, all they'll get is bupkiss.

Sent from my Pixel 6 using Tapatalk

Should I uninstall 1Password app until there's software update?
 

SpookDroid

Ambassador
Jul 14, 2011
19,378
690
113
Visit site
Nope. Your password vault is encrypted (but if you feel paranoid, just make sure you keep your vault locked and require authentication every time you need it).

Now, remember, this is a reported flaw and a major one, it is NOT a currently-exploited vulnerability and also not an easy one to use (additionally, technical details were left out of the report for this reason). As Project Zero's Tim Willis sates:
With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.
.

In a nutshell, don't panic. Take caution, but by no means freak out and wipe out your phone for this. Just flip that switch if you're feeling anxious about it until the patch comes along.
 
  • Like
Reactions: Laura Knotek

joeldf

Well-known member
Dec 19, 2011
1,280
713
113
Visit site
I was a bit confused when I first read about this. I was thinking, "how do the Pixel phones have anything to with Samsung's Exynos chips".

I had to look it up to find out that Google's Tensor SOC is a tweaked Exynos. I somehow missed that bit of news. But then, I really don't follow Google's phone development that closely so it was probably easy for me to miss it.
 
  • Like
Reactions: Laura Knotek

SpookDroid

Ambassador
Jul 14, 2011
19,378
690
113
Visit site
Not sure exactly what you're asking, but banking with the added layer of the ESET protection should be still good (overkill, but good). Again, I think you may be taking this out of proportion and thinking it's an immediately-compromised, all-data-stealing flaw in the code when it is NOT actively being attacked nor is it an easy thing to do. If you are feeling nervous about it, follow the WiFi-calling suggestions but other than that, your device is as secure as before.
 
  • Like
Reactions: rvbfan and f23948

f23948

Well-known member
Oct 2, 2021
133
9
18
Visit site
Not sure exactly what you're asking, but banking with the added layer of the ESET protection should be still good (overkill, but good). Again, I think you may be taking this out of proportion and thinking it's an immediately-compromised, all-data-stealing flaw in the code when it is NOT actively being attacked nor is it an easy thing to do. If you are feeling nervous about it, follow the WiFi-calling suggestions but other than that, your device is as secure as before.
Oh ok thank you. I'm going to use 1Password and ESET payment protection
 

Trending Posts

Forum statistics

Threads
946,068
Messages
6,926,240
Members
3,160,068
Latest member
alexmorse42