Google found 18 zero-day flaws in Samsung’s Exynos chips

admin

Administrator
Staff member
Admin
Global Mod
Google’s security research team has found numerous vulnerabilities in some of Samsung’s chips. Dozens of Android smartphone models, as well as wearables and cars, would be affected by these flaws.



Google Project Zero security researchers have struck again. These security experts, whose mission is to hunt for zero-day vulnerabilities, have just announced that they have found no fewer than 18 such flaws in the Exynos modems manufactured by Samsung in recent months.

Four very critical zero-day mistakes


Of these 18 vulnerabilities, four are considered very important, as they have already been exploited by attackers to remotely execute code in the baseband of various devices.

“Testing by Project Zero confirms that these four vulnerabilities allow an attacker to remotely compromise a baseband-level phone without user intervention, and that the attacker only needs to know the victim’s phone number. » explain Google security researchers. “With limited additional research and development, we believe skilled attackers can quickly create a working exploit to silently and remotely compromise affected devices. » they ended up completing. complemented by security experts from Project Zero
The fourteen other zero-day errors found are less severe. To be exploited, they need a malicious mobile network operator or an attacker with local access to the affected device.

Dozens of devices have been affected by these zero-day vulnerabilities


Samsung has listed on its website the list of Exynos chipsets affected by these zero-day bugs. And the least we can say is that the list of devices affected by these breaches is quite large. The affected products are the following:

  • Samsung Galaxy S22, M33, M13, 12, A71, A53, A33, A21, A13, A12 and A04 smartphones
  • Vivo S16, S15, S6, X70, X60 and X30 smartphones
  • The Google Pixel 6 and Pixel 7
  • All devices with an Exynos W920 chipset (which powers the Galaxy Samsung Watch 4 in particular)
  • All vehicles with an Exynos Auto T5123 chipset (used to provide 5G connectivity to vehicles)
While patch updates have already been applied to some devices, such as the Pixel 6 and Pixel 7, Project Zero researchers believe that timelines for getting patches for certain devices will vary by manufacturer. Therefore, they strongly recommend continuing to install device updates as soon as they are offered by the manufacturers. While waiting for all affected manufacturers to investigate the question, security researchers are offering some advice. To mitigate the risk of an attack, they suggest disabling Wi-Fi calling and voice over LTE (VoLTE) in their device settings.

Source :

Google Project Zero
 
Top