Newsletter
Google patched two critical vulnerabilities in the Pixel 6 that allowed remote attackers to take control of the device simply by making a call to the victim. The bug was present in the modem stack and enabled attackers to downgrade a potential victim’s wireless cellular communication to the 2G standard and hijack the device. The company advises users to disable 2G on their phones to stay safe from such attacks in the future.
The vulnerabilities were detailed by Google’s Android Red Team during the Black Hat security conference in Las Vegas earlier this week. According to a SCMedia report, attackers chained the two Pixel modem vulnerabilities together to first downgrade the target device’s cellular communication standard and then hijack it. The whole attack could be executed “with the help of a low-cost $1,000 home-brew cellphone base station,” the report states.
The Android Red Team discovered the vulnerabilities in 2021. Tracked as CVE-2022-20170, the first bug is an over-the-air remote code execution bug patched with the June 2022 security update for Pixel devices. The second issue, tracked as CVE-2022-20405, is an elevation of privilege (EoP) flaw. Google patched it a couple of months later (in August 2022). Interestingly, the company originally classified the EoP flaw as a moderate vulnerability. However, both were later rated critical with a CVSS (Common Vulnerability Scoring System) score of 9.8.
Google confirmed that there’s no evidence of attackers exploiting these bugs in the wild today, or even in the past. However, it still took the company over a year to disclose the vulnerabilities and the related technical CVE (Common Vulnerabilities and Exposures) details due to “internal Alphabet procedures.” This also gave Pixel 6 users ample time to install the patches.
The Google Android Red Team advises Pixel users against using 2G
Four Android Red Team members demonstrated this attack at the recently concluded Black Hat security conference. The security experts (Xuan Xing, Eugene Rodionov, Xiling Gong, and Farzan Karimi) highlighted the weaknesses of 2G networks. “This attack is all about downgrading handsets to 2G,” Karimi said.
Unfortunately, despite the arrival of 5G networks, the wireless industry hasn’t left behind 2G. Most cellular data modem chipsets still support 2G networks. This is to ensure connectivity in areas where 5G isn’t available. However, the poor security measures of the 2G wireless standard make it vulnerable to these kinds of attacks.
Google’s security researchers advise users to disable 2G connectivity on their phones. You should be able to do that from the Settings app. Should you ever need to connect to a 2G network (such as when 5G isn’t available), you can enable it. Note that 2G is always enabled for emergency calls regardless of your setting.