We know that hacking is a subject that attracts rumors and drama, especially when it comes to the means hackers use to trap their victims. But drama aside, hackers usually use methods that are familiar to most of us, and even though we know them, we never stop falling prey to them. On Messenger, for example, your brother sends you a message: "Look! I found your picture published on a pornographic site", followed by a link. Shocked by the message, and trusting the sender (your brother), you may click on the link and find yourself on a site that asks you for an email and password, only to be surprised later that the message you received has been sent from your account to all your friends on Facebook.

At that moment you will know that you have fallen victim to a hack. What is new and really dangerous is that we have reached a stage where hackers no longer need users to click on a link or take any other action. This type of attack is called "remote code execution" or "RCE", in which attackers remotely execute commands to place malware or other malicious code on a computer or network.

During this attack, no intervention is needed from you as a user: a vulnerability that allows remote instructions to be executed can put your sensitive data at risk without hackers needing physical access to your network, cybersecurity expert and founder of Seekurity, Mohamed Abdel Basit, told Meydan. As a result, the vulnerability recently discovered by the Project Zero team could completely change the game.

Touching shoulders. Touchless


Well, it's not a single vulnerability, but 18 vulnerabilities discovered by Google's team in the modems built into Samsung's Exynos chips, which rival the more popular and widely used Snapdragon chipset. The modem is the component responsible for communications of all kinds, whether mobile calls or Internet access. To realize the magnitude of the disaster, it is enough to know that these vulnerabilities lead to the complete compromise of the phone by knowing only the phone card number. (1)

Abdel Basit confirms in an interview with "Meydan" that what happened is a worrying development in the world of hacking. He says: "In the past, the hacker was required to make an effort to deceive the victim by sending a page or link that has a loophole that is exploited to access his information and devices, or any of the other methods of deception, and this required knowing the victim's means of communication such as e-mail or his accounts on social networking sites, but now, all you need is a phone number in order to break into it."

According to Abdel Basit, this development takes us back years, to a time when attacks could be carried out entirely without user intervention through a phone call alone, meaning that no matter how aware the user is, this probably will not protect them. The new vulnerabilities have been found in many Samsung phones such as Galaxy devices, and in several versions of Vivo and Google Pixel phones (2). It is important to note that devices are vulnerable only if they are equipped with one of the affected "Exynos" chips.


The affected devices, according to what Google posted on its blog, include Samsung mobile devices, including those in the Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series. Vivo's mobile devices, including the S16, S15, S6, X70, X60 and X30 versions, may be vulnerable, and the risk also extends to wearables and even cars that use the same chips, the blog said. (3)

Devil Ports

Fortunately, only 4 of the 18 vulnerabilities Project Zero found are "demon ports" that allow "remote code execution", or Internet-to-baseband remote code execution. Google has said it will not release any information about the four serious vulnerabilities, although it usually discloses all the data, because the tech giant fears they could very easily be exploited to carry out more violent attacks. The rest of the vulnerabilities had a smaller impact, or let's say were familiar to cybersecurity experts, because they required permission to access the device, either by clicking on a link or downloading malware.

Google has warned Samsung of the aforementioned vulnerabilities in its devices, but the Korean company is still slow to resolve the crisis, and this slowness will not benefit it for long. Cybersecurity experts follow one of two scenarios when disclosing vulnerabilities. In the first, security researchers wait until the vulnerability has been fixed by service providers before announcing that they discovered the bug, so that it is not exploited. In the second, they usually wait until a certain period of time has elapsed since the vulnerability was reported without any fix in sight. As it seems, the latter will be the one followed in the case of Samsung, where researcher Maddie Stone tweeted that "end users will not get to address the gaps even after 90 days."

End-users still don't have patches 90 days after report.... https://t.co/dkA9kuzTso

— Maddie Stone (@maddiestone) March 16, 2023

But despite this tragic situation, the compassionate hands of the Project Zero team have come up with a solution that enables users of the aforementioned phones to protect themselves until the Korean tech giant addresses the matter with a radical solution on its own.

The team recommended that users disable two features. The first is Wi-Fi calling, which is disabled by following these steps: from the phone settings, choose Wi-Fi, then choose "Card and Network Settings" (SIM and Network). Here, if your phone supports more than one SIM card, you must choose whichever one you want to disable it for, or disable it for both by tapping each of them and then deactivating the "Wifi calling" option (or "Wi-Fi calls" in Arabic).

The second feature to be disabled is what is known as "VoLTE", the feature responsible for making your voice calls clearer and higher in quality, which also allows you to use your Internet data to make calls over the Internet. To disable it, go to Settings, then "Mobile Networks", choose the primary SIM card, and press the turn-off button for the "VoLTE" feature. With that, you have temporarily stopped the danger. Disabling these two features will of course make your connections slower and lower in quality, but it's a convenient and practical solution for now. This convenient solution will not stay comfortable for long for Samsung, however, if it decides to continue ignoring the fatal mistakes, and T-Mobile's experience offers a lesson.

It's not the first time. And it won't be the last


T-Mobile is one of the largest wireless carriers in the United States, and it has had its fair share of security issues over the years. Recently, T-Mobile has faced several data breaches that exposed sensitive customer information, most notably in August 2021, when hackers broke into the company's systems and stole data from more than 50 million customers. (4)

The stolen data included personal information such as names, addresses, dates of birth, and social security numbers, as well as information about billing. The incident raised concerns about T-Mobile's security practices and prompted the company to take stricter measures to protect its customers' data.

Later, in November of the same year, security researchers discovered a flaw in the company's website that allowed anyone to access customer account data with only their phone number, a scenario identical to Samsung's experience. The company was quick to patch the vulnerability, but the incident raised questions about the company's security testing and quality control processes, prompting U.S. citizens whose data was leaked to file a class action lawsuit that cost the company more than $500 million in damages and attorneys' expenses, including $150 million to rehabilitate its cybersecurity infrastructure. (5)

Investing in security infrastructure is unavoidable if researchers are not to be caught off guard by "zero-day" flaws. Zero-day flaws are so called because they are so new that researchers and experts have "zero" days to find solutions and remedies for the problems or malfunctions resulting from them, and of course to reduce material losses that may affect entire countries and not just a company or institution. (6)

But until scientists invent a comprehensive immune system against digital viruses and diseases, maintaining your digital security, represented by your data, remains your responsibility. You must install security updates as soon as they arrive and educate yourself about all modern risks, just as you educate yourself about the health of your human body. The electronic body is currently without immunity, and in the digital world it is no less important than your real body.

____________________________________

Sources:

  • Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems
  • Google warns users to take action to protect against remotely exploitable flaws in popular Android phones
  • Semiconductor
  • T-Mobile CEO calls latest data breach ‘humbling,’ claims it’s committed to security
  • T-Mobile agrees to pay customers $350 million in settlement over massive data breach
  • Zero-day Attack