https://techcrunch.com/2023/03...chips-flaws-android/

Google publicly warns about severe security flaws in Samsung chips, claiming that the flaws can be exploited without user interaction, that merely knowing the phone's number is enough to let a hacker exploit the flaws.

It's the modem's baseband processing unit.

As a friend remarked the other day:

“Samsung should stick to making phones.” And

My television is Samsung. Neither the Comcast remote or the Roku remote will work with it. From googling Samsung seems to be the worst with this problem.
Samsung custormer service is also poor.

Mr wtg has a bottom of the line Samsung phone; it's not on the list of ones with a chip issue. If it was and we had to switch off wifi calling, we'd be in trouble because the cellular signal in our neighborhood is totally awful.

We have three Samsung TVs with Comcast and Roku, and they all play nicely with each other. I'm a pretty good troubleshooter and my consulting fees are reasonable for anyone who might need assistance...

quote:

Originally posted by wtg:
Mr wtg has a bottom of the line Samsung phone; it's not on the list of ones with a chip issue. If it was and we had to switch off wifi calling, we'd be in trouble because the cellular signal in our neighborhood is totally awful.

We have three Samsung TVs with Comcast and Roku, and they all play nicely with each other. I'm a pretty good troubleshooter and my consulting fees are reasonable for anyone who might need assistance...

quote:

Originally posted by wtg:
Mr wtg has a bottom of the line Samsung phone; it's not on the list of ones with a chip issue. If it was and we had to switch off wifi calling, we'd be in trouble because the cellular signal in our neighborhood is totally awful.

The security flaws are in the Exynos modem chips that handle the cellular function. Turning off the cellular function and keeping all your calls and data on Wi-Fi will actually protect you from these security flaws.

Out of my technical wheelhouse here and I only skimmed the article...why does Google say this? (from the article)

quote:

Until affected manufacturers push software updates to their customers, Google said users who wish to protect themselves can switch off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings, which will “remove the exploitation risk of these vulnerabilities.”

Oh. It does affect phones. Lots of phones, apparently.

But I wonder why anyone would hack a phone. What would be the point? Is there data on a phone that can be resold?

I wonder the same thing about WiFi. My SIL-the IT-guy thinks my WiFi password is too weak. If someone guesses it, what can they do with it?

Has to do with “voice over IP” that at some level unifies “voice carried as data over Wi-Fi” and “voice carried as data over cellular.”

Google managed to narrow the problem down to certain “voice over IP” functions rather than implicating the entire modem baseband function (which was my old, not apparently wrong and outdated, reading at the time).

Had it still been the entire (cellular) modem baseband function that’s implicated, then switching the entire cellular function off would have been one way to avoid the security vulnerabilities.

quote:

Originally posted by Steve Miller:
Oh. It does affect phones. Lots of phones, apparently.

But I wonder why anyone would hack a phone. What would be the point? Is there data on a phone that can be resold?

I wonder the same thing about WiFi. My SIL-the IT-guy thinks my WiFi password is too weak. If someone guesses it, what can they do with it?

In theory (and I don't know whether this is true in the real world), anyone who can penetrate your WiFi network can see all the URLs you look at and everything you send out and receive ... including passwords, banking information, etc.

Whether that's true in an https environment, well, that's where my knowledge stops. I should probably know these things.

This is the first thing that I found:

https://www.aura.com/learn/can...%20account%20details.

Here's what the FTC says:

quote:

In the past, if you used a public Wi-Fi network to get online, your information was at risk. That’s because most websites didn’t use encryption to scramble the data and protect it from hackers snooping on the network.

Today, most websites do use encryption to protect your information. Because of the widespread use of encryption, connecting through a public Wi-Fi network is usually safe.

How do you know your connection is encrypted? Look for a lock symbol or https in the address bar to the left of the website address. This works on a mobile browser, too. It can be hard to tell if a mobile app uses encryption, but the majority do.

https://consumer.ftc.gov/artic...e-what-you-need-know

My banking sites all require two-step authentication these days.

Does that help solve the problem?

For your weak password...used to be people would drive around neighborhoods and look for wifi signals. Lots of people didn't change the factory password or the SSID, so it could be pretty easy to guess the password and get access to the network in your house. Of course over time people automated the password guessing part. So the stronger the password, the less likely you'll get hacked. Another option is to turn off the broadcasting of your SSID so other people can't see the name of your network.

https://www.lifewire.com/disab...eless-routers-816569

Then there were the people who monitored unsecured networks in public places and were able to intercept traffic. I think what the article is saying is that more websites use encryption, which makes it harder to sneak a peek at what people are doing. I tend not to look at the lock symbol in my browser, except when I go to a new site that I haven't visited before.

For more about encryption, check out HTTPS Everywhere:

https://www.eff.org/https-everywhere

Even two-factor authentication isn't bullet-proof. There's SIM swapping:

https://us.norton.com/blog/mobile/sim-swap-fraud

At the end, we are left with...



https://www.youtube.com/watch?v=JW5bcI0ADCY