
VoLTE needs disabling on Pixel 6 Pro and others

Eeupdates
Investigator

Hi,

As you're probably aware, Google's Project Zero have announced serious issues with the baseband modems in various recent phones, including the Pixel 6 and Pixel 6 Pro.

The phones can be taken over via a maliciously crafted call over VoLTE or if WiFi calling is active. 

WiFi Calling can be easily disabled but not VoLTE due to the way EE use device profiles.

Can EE confirm they can fix this via a new profile before the security updates arrive?

https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html?m=1

EE need to be quick with this one, otherwise your customers' data is at serious risk, and due to EE's last decisions to lock down settings via profile your customers are wide open to attack.

10 REPLIES
gingersnaps
Visitor

Will EE update on this soon, please?

Meta
Visitor

Still no response to the OP, and no updates or info anywhere else I can see. Can EE actually bother answering, as this has potential to be a serious issue? This is a really poor level of service you're giving your customers.

@Meta Seeing as the question was asked on a Sunday and any relevant information will have to be asked via an EE staff member here to the appropriate department, who I can bet you were not working on Sunday.

But let's see what @Christopher_G does.

Eeupdates
Investigator

I actually asked Friday, but EE should have been all over this like a bad rash instead of arguing the toss about semantics - EE customers' data is at risk for every minute they don't act.

If we were in manual control of being able to turn off VoLTE etc then fair enough, but EE control this via the device profile, which hasn't been updated since the 8th December 2022.

If anyone here can escalate please do. As mentioned before this doesn't just affect the Pixel line, things like the Samsung S22 are affected too.

A device profile disabling WiFi Calling & VoLTE temporarily should have been in progress, with testing, ready to be pushed soon after Project Zero made the announcement.

Yes, it's a pain for some people, but when asked whether they preferred a few days of inconvenience while waiting for a patch vs having their pants pulled down and private data exfiltrated, I think I know which most would prefer.

Hackers don't take rest days unfortunately, and as I know relevant staff are always contactable 24/7 when necessary, so hopefully this is being addressed internally.

I contacted EE customer service with this same issue as the OP and they didn't have a clue what I was describing in relation to the day one vulnerability reported by Google's Project Zero announcement. And what made me even more annoyed was the alleged technical support saying EE have no way to allow customers to disable VoLTE and if they let me turn off VoLTE I'd have a really bad experience with call reception.

Staff haven't got a clue and this is not being taken seriously. If my phone is hacked and my data compromised, EE will have to compensate me. And this is not a Google issue, as I have tried other supplier SIMs in my phone and the VoLTE toggle becomes visible.

BrendonH
Community Hero

You can't turn off VoLTE on the Pixel?

I can on my Samsung Galaxy.

Screenshot_20230320_194116_Call settings.jpg


BrendonH (Android Expert) Google Pixel 8 Pro Obsidian Black (Android 14)
If I have helped please click the THUMB/SOLUTION buttons below

No, unfortunately EE control the settings for VoLTE via a device profile on the Pixels.

BrendonH
Community Hero

I'll check my wife's Pixel when I get home, as I thought that, as Google keeps their software stock on their phones, EE wouldn't be able to hold it ransom, seeing as now they no longer lock their phones.


BrendonH (Android Expert) Google Pixel 8 Pro Obsidian Black (Android 14)
If I have helped please click the THUMB/SOLUTION buttons below

It's called Operator Settings on mine - basically it lets EE hide some settings from user control which is why the settings appear with other network SIMs, even on unbranded software. 

Great idea until this sort of thing happens, you can guarantee someone out there is actively looking to create an exploit.