adplus-dvertising
Connect with us

Tech

Turn off Wi-Fi calling, VoLTE to protect your Android from Samsung hijack bugs

Published

2 weeks ago

 on

Google security analysts have warned Android device users that several zero-day vulnerabilities in some Samsung chipsets could allow an attacker to completely hijack and remote-control their handsets knowing just the phone number.

Between late 2022 and early this year, Google’s Project Zero found and reported 18 of these bugs in Samsung’s Exynos cellular modem firmware, according to Tim Willis, who heads the bug-hunting team. Four of the 18 zero-day flaws can allow internet-to-baseband remote code execution. The baseband, or modem, portion of a device typically has privileged low-level access to all the hardware, and so exploiting bugs within its code can give an intruder full control over the phone or device. Technical details of these holes have been withheld for now to protect users of vulnerable gear.

“Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number,” Willis wrote in a breakdown of the security flaws.

Skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely

“With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely,” he added.

300x250x1

One of these four severe bugs has been assigned a CVE number, and it’s tracked as CVE-2023-24033. The other three are awaiting bug IDs.

The other 14 issues aren’t as severe and require “either a malicious mobile network operator or an attacker with local access to the device,” according to Willis. These include CVE-2023-26072, CVE-2023-26073, CVE-2023-26074, CVE-2023-26075, CVE-2023-26076 and nine other vulnerabilities that haven’t yet been assigned identifiers.

Affected devices include those using Samsung S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series of chips; Vivo mobile devices including the S16, S15, S6, X70, X60 and X30 series; the Pixel 6 and Pixel 7 series of devices from Google; and vehicles that use the Exynos Auto T5123 chipset.

Google issued a fix for CVE-2023-24033 affecting Pixel devices in its March security update. Until the other manufacturers plug the holes, Willis suggests turning off Wi-Fi calling and Voice-over-LTE (VoLTE) to protect against baseband remote code execution, if you’re using a vulnerable device powered by Samsung’s silicon.

And, as always, patch your gadgets as soon as the software updates become available.

Google’s team — and most security researchers — adhere to a 90-day disclosure timeline, meaning after they report the bug to the hardware or software vendor, the vendor has 90 days to issue a fix. After that, the researchers disclose the flaw to the public.

However, in some very rare and critical cases, where the “attackers would benefit significantly more than defenders if a vulnerability was disclosed,” the bug hunters make an exception and delay disclosure, Willis noted. That’s the case with the four zero-days that allow for internet-to-baseband RCE.

Of the 14 remaining less severe flaws, Project Zero disclosed four that exceeded its 90-day deadline. The other 10 will be released to the public if they hit the 90-day mark without fixes, Willis added. ®

728x90x4

Source link

Related Topics:
Continue Reading

Tech

The video game industry’s annual trade show E3 is canceled again as organizers say they will ‘re-evaluate the future’ – Fortune

Published

8 hours ago

 on

March 31, 2023

By


E3, the annual trade show of the video game industry where upcoming titles are unveiled and showcased, has been cancelled for 2023—and many observers suspect the event might finally be over for good.

The Entertainment Software Association and ReedPop, which had been hired to organize this year’s show, announced the cancellation late Thursday. The news came after a growing number of game publishers, including Microsoft, Nintendo, Ubisoft, and Tencent, announced they would not take part in E3 2023.

Both the physical and digital events were scrubbed. On the E3 Website, the two show organizers declined to address whether they would attempt another gathering next year, saying only “both parties will re-evaluate the future of E3.”

300x250x1

That’s a tremendous U-turn from the hyperbole of the show runners last July, when they claimed E3 2023 would set “a new benchmark for video game expos in 2023 and beyond.”

The last physical E3 was held in 2019, where attendees were able to get their first hands-on time with Google’s Stadia cloud-streaming service and Microsoft began discussing “Project Scarlett,” which would become the Xbox Series X. (Cyberpunk 2077 and Final Fantasy 7 Remake earned “best of show” honors.)

The ESA cancelled the show in 2020 due to the pandemic and held a digital version in 2021 that met with mixed reactions, at best. In 2022, it once again cancelled both the digital and in person show.

While E3 is dead, the industry is still likely to unveil upcoming games over the course of the summer. Ubisoft plans to host an event (likely online) around the same mid-June time frame E3 was scheduled for. Microsoft, Sony and Nintendo will likely hold their own showcases. And Summer Game Fest, hosted by Game Awards founder Geoff Keighley, will take place on June 8 in Los Angeles.

While many in the industry are mourning the apparent death of E3, the wheels for the show’s diminishing relevancy were set into motion a decade ago. In 2013, Nintendo broke tradition and announced it would not hold its traditional pre-show press conference, opting instead to talk directly to fans via a Webcast and offering demos of unreleased games at Best Buy stores around the country in conjunction with E3.

That initial Nintendo Direct proved to be an effective way to talk directly to customers, without the filter of the media. In the years since, all of the major console manufacturers have embraced it, as have many third-party publishers, such as EA and Ubisoft.

And even in 2013, some analysts were questioning whether the show could survive.

“With the acknowledgement that most of the growth, in a general sense, in gaming is coming outside of retail, E3 is going to take another tick down,” said John Taylor, who was with Arcadia Research Corp, said at the time. “I think we’re going to start hearing discussions about how important E3 is. … It may end up being too big of a venue.”

Adblock test (Why?)

728x90x4

Source link

Continue Reading

Tech

GM is phasing out Apple CarPlay and Android Auto in EVs – Yahoo News Australia

Published

9 hours ago

 on

March 31, 2023

By


Many car makers tout smartphone connectivity as a selling point, but GM won’t in the future. In a Reuters interview, GM digital chief Edward Kummer and executive cockpit director Mike Himche say GM will phase out Apple CarPlay and Android Auto with upcoming electric cars, beginning with the 2024 Chevy Blazer EV. Instead, you’ll have to rely on Android Automotive and its apps.

Users will get eight years of free Google Assistant and Google Maps use at no extra charge, GM says. The company doesn’t mention what you’ll pay if you still need those functions afterward. We’ve asked GM for comment. It will still offer CarPlay and Android Auto in combustion engine models, and you won’t lose access on existing EVs. GM plans an all-electric passenger vehicle line by 2035.

The company argues that Android Automotive provides more control over the experience. There are upcoming driver assistance technologies that are “more tightly coupled” with navigation features, Himche says, and GM doesn’t want them to require a smartphone. Kummer also acknowledged that there are “subscription revenue opportunities.” Don’t be surprised if you’re paying a recurring fee for certain features like you already do with some brands.

300x250x1

Android Automotive has a growing footprint. On top of GM, companies like BMW, Honda, Polestar, Stellantis, Volvo and VW are adopting it with or without Google apps. However, the platform doesn’t preclude support for CarPlay or Android Auto. GM is deliberately dropping those features. While this could lead to some innovative driver aids, it could also force you to mount your phone if there’s an app or function the EV’s infotainment system doesn’t support.

The decision is a blow to Apple. Its services may not have native support in GM EVs. The iPhone maker is also developing a next-gen CarPlay experience that can take over the entire dashboard — GM just ruled itself out as a potential customer. If Apple is going to have more control over your drive, it will have to turn to other marques.

Adblock test (Why?)

728x90x4

Source link

Continue Reading

Tech

Sega Releases Free Murder Mystery Sonic Game for April Fools’ Day – ComingSoon.net

Published

10 hours ago

 on

March 31, 2023

By


April Fools’ Day has not yet arrived quite yet in 2023, but that hasn’t stopped Sega from celebrating. The company stealth dropped a new Sonic the Hedgehog game for free called The Murder of Sonic the Hedgehog, which lets players solve, as the title says, who killed the Blue Blur.

This game is currently on Steam and takes around 70 minutes to complete. It’s a text-based adventure where players have to piece together clues and use them to prove a suspect’s alibi in order to figure out who “killed” Sonic in a Glass Onion-style murder mystery gone awry. There are also small runner levels where players control Sonic and collect rings while dodging obstacles.

Sega put out a cheeky trailer with the game, too, saying it had “heard the feedback” and was taking the franchise in a whole new direction.

300x250x1

[embedded content]

Adblock test (Why?)

728x90x4

Source link

Continue Reading

Trending