This post pertains to a security vulnerability that could allow a remote attacker to compromise the Pixel 6 series of phones without the user being required to do anything (they just need to know your phone number, they can attempt the attack in a distributed manner against every phone number once they reverse engineer the patch and figure out how to exploit the vulnerability). The attacker would be able to exploit the phone silently in the background with currently no way to detect if you’ve been compromised. The Pixel 6 update which patches this vulnerability is expected to come out on March 20th (per Google Support).
Read more about it here:
I saw a lot of confusion regarding how to disable the cellular / mobile network including some people claiming you cannot do this via software and have to take the SIM physically out. I was able to verify this can be done from “Settings” and ensured there was no cellular signal by using different apps to test (OpenSignal, LTE Discovery, Network Cell Info Lite & Wifi).
* Go to “Settings” then “Network & internet”
* Click “SIMs”
* Turn off “Wi-Fi calling” (unsure if necessary but did it as a precaution, likely a good idea given it was part of the official remediation recommendations from Project Zero)
* Turn off “Use SIM”
* Turn on “Airplane mode” (you can have Wi-Fi and Bluetooth on when in airplane mode) – this is also likely unnecessary but did it as a precaution.
When “Airplane mode” was turned off I noticed the “GSM Cell Location” and “dataNetworkType” fields were populated in LTE discovery but the “Service State” was “N/A”. This likely means “Airplane mode” isn’t necessary but I enabled it anyway as a precaution since those fields I mentioned are not populated (not defined or zero) when “Airplane mode” is turned on.
This post only applies to Pixel 6 users who are unable to turn off Wi-Fi calling and VoLTE and want to protect themselves from the vulnerability until the patch is out.