A new Android 0-day exploit has been discovered that affects devices with WiFi calling capabilities. This vulnerability allows hackers to get control of your device. All they need to know is you phone number. They can make a ‘special’ call to your device to gain access.
The hack works by exploiting a flaw in the way Android handles WiFi calling. When a user’s device is connected to a WiFi network, it may automatically switch to WiFi calling to save data and improve call quality. However, this can also open up a potential security vulnerability if the device is not properly secured.
The exploit takes advantage of this vulnerability by intercepting and manipulating the network traffic between the user’s device and the WiFi calling server.
With Google’s March 2023 update, the Pixel 6 and 7 families are protected against “all four Internet-to-baseband remote code execution vulnerabilities” (CVE-2023-24033 + CVE-2023-26496, CVE-2023-26497, and CVE-2023-26498).
Google list of likely affected products:
Samsung Galaxy phones including those in the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12, and A04 series.
Vivo phones including those in the S16, S15, S6, X70, X60, and X30 series.
Any vehicles that use the Exynos Auto T5123 chipset.
The current advice is, if in doubt, turn off WiFi calling.