A wide range of Android phones are vulnerable to attacks that fully compromise the devices at their deepest level: the baseband. Fixes have yet to be delivered, except to a subset of vulnerable Pixels. In the meantime, Google and Samsung advise, users should do something that's not possible for most vulnerable devices: turn off VoLTE. Both Google and Samsung declined to provide further, actionable guidance to at-risk customers. Worse, even if/when it's possible to turn off VoLTE, this advice completely neuters most phones of any kind of voice calling capability.

This incident once again underscores the security mess of the Android ecosystem. It also demonstrates the lack of cooperation Google and Samsung regularly exhibit in keeping their customers safe.

Super sad.

https://arstechnica.com/information-technology/2023/03/critical-vulnerabilities-allow-some-android-phones-to-be-hacked/

Google tells users of some Android phones: Nuke voice calling to avoid infection

If your device runs Exynos chips, be very, very concerned.

Ars Technica

This incident involving the zero-click baseband vulnerability also underscores Google's continuing struggle to deliver timely updates to its Pixel customers. Delays like this one completely undermine the main selling point of Pixel devices. What's more, the Project Zero advisory said that "affected Pixel devices have already received a fix." In fact, users of Pixel 6 devices still haven't received a patch, more than 4 days later.

Can someone tell me why Apple can deliver updates for all its iOS customers at once but Google still rolls out Pixel updates piecemeal?

@dangoodin >Google still rolls out Pixel updates piecemeal

Not being a Google apologist, but Apple has about 4 models per year, and controls almost all of it front to back. Google has 3 models per year, but Samsung and friends add hundreds more. When you release an update, it needs to be known to work (or at least not bork) all those models... It's a testing matrix nightmare to be sure. I presume that's why they've stuck with the statistical rollout model they have... fail early and rewind

@PHolder Google even released updates for Pixels piecemeal, with Pixel 6 updates not being available until a few hours ago. Pixel 7 updates, meanwhile, were available late last week. This is a single product line that Google controls 100% and even then update distribution is a train wreck.