Google: watch out for vulnerabilities in devices with Exynos modems

- Advertisement -spot_imgspot_img
Google: watch out for vulnerabilities in devices with Exynos modems

The exploits have not all been fixed yet and are in various Exynos processors from Samsung

A few months ago, Project Zero reported eighteen Zero-dayvulnerabilities in Samsung’s Exynos modems. The four most risky enabled Internet-to-baseband remote code execution. Those modems are included in the Galaxy S22, A53, A33 and a few more (popular) Samsung smartphones. But also in devices from Vivo and the Pixel 6 and 7 models from Google. A full list is at the bottom of this article.

Hack device with just the phone number

Tests confirm that these four vulnerabilities allow an attacker to remotely compromise a baseband-level phone without user intervention. The hacker in question only needs the victim’s phone number.

With limited additional research and development, the Zero-day experts believe that skilled attackers can quickly create an operational exploit to silently and remotely hack affected devices.

The vulnerabilities in question have not all been assigned a code number yet. Only CVE-2023-24033, which Google has already fixed in its own devices, is ‘numbered’.

A fix is ​​being worked on

Google expects that the bug fixes for these vulnerabilities will be rolled out with the upcoming security updates. However, the availability of those updates will vary by manufacturer. For example, the Pixel smartphones have already received a fix for CVE-2023-24033. That happened with the March 2023 security update.

“In the meantime, users with these devices can protect themselves against the baseband remote code execution vulnerabilities mentioned in this post by disabling Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings. As always, we encourage end users to update their devices as soon as possible to ensure they are running the latest builds that address both known and undisclosed security vulnerabilities.

Samsung has published a list containing all devices equipped with the relevant Exynos chips:

  • -Samsung: S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04;
  • -Vivo: S16, S15, S6, X70, X60 and X30 series;
  • -Google’s Pixel 6 and Pixel 7 series;
  • -All wearables using the Exynos W920 chipset;
  • -All vehicles using the Exynos Auto T5123 chipset.
- Advertisement -spot_imgspot_img
Latest news
- Advertisement -spot_img
Related news
- Advertisement -spot_img