After discovering 18 zero-day vulnerabilities in Samsung’s Exynos Modems by Google’s Project Zero team of security specialists, the company has warned owners of specific Android smartphones, wearables, and automobiles.
The four most dangerous of the eighteen zero-day vulnerabilities, all of which were disclosed in late 2022 and 2023, allow an attacker to remotely compromise a phone at the baseband level without requiring user involvement, according to Google Project Zero leader Tim Willis. The target’s phone number is all an attacker would need to compromise a susceptible device.
The data flowing to and from the device, including calls, messages, and cellular data, would be completely accessible to a hacker who successfully exploited one of the flaws. Willis claims competent attackers might swiftly develop a working use to covertly and remotely infiltrate compromised devices.
Although they need a hostile mobile network provider or an attacker with local access to the device, the remaining 14 flaws were not as severe.
Some of the Exynos chipset-equipped devices that Google identified as potentially vulnerable include:
- Samsung’s mobile devices, such as those from the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12, and A04 series
- Vivo’s smartphones, include the S16, S15, S6, X70, X60, and X30 series
- Google’s Pixel 6 and Pixel 7 range of gadgets
- Almost any wearables with an Exynos W920 chipset (inc., the Galaxy Watch 4 and 5)
- any automobiles using a processor made by Exynos Auto T5123.
The March 2023 security update already included a fix for impacted Pixel device owners, which is good news. According to a tweet from Project Zero researcher Maddie Stone, Samsung still hasn’t patched the flaws despite having 90 days to do so.
End-users still don't have patches 90 days after report…. https://t.co/dkA9kuzTso
— Maddie Stone (@maddiestone) March 16, 2023
To reduce the chance of these zero-day vulnerabilities being exploited, Google advises users of unpatched devices to turn off Wi-Fi calling and Voice over LTE (VoLTE) in the device settings.
Also read: This full length article provides briefing about virtual data room for startup. You too can contact if you are new at your business.
Also read: If you are looking for online help for your school and college assignment, we provide genuine essay writing services in the UK.
