Just wonderful - from Ars Technica:
Google tells users of some Android phones: Nuke voice calling to avoid infection
Google is urging owners of certain Android phones to take urgent action to protect themselves from critical vulnerabilities that give skilled hackers the ability to surreptitiously compromise their devices by making a specially crafted call to their number. It’s not clear if all actions urged are even possible, however, and even if they are, the measures will neuter devices of most voice-calling capabilities.
A bit more:
“Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number,” Project Zero’s Tim Willis wrote. “With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.”
You read that right - the attacker just needs to know the telephone number. I am sure that a patch will be forthcoming soon but sheesh...
Leave a comment