Google’s Project Zero security research team has published a report highlighting active vulnerabilities in Samsung’s Exynos modems.
Four of the 18 reported security issues with the Samsung chips in question are serious and could give hackers access to phones with just the phone number. Security researchers typically don’t disclose vulnerabilities until they’ve been fixed. However, it seems that Samsung is slow to address the issue.
Project Zero researcher Maddie Stone tweeted that “end users still don’t have patches 90 days after exposure.” According to the researchers, the following phones and other devices, including vehicles, can be compromised if hackers exploit the dangerous Exynos chips:
Samsung Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12, and A04 series. The Vivo S16, S15, S6, X70, X60 and X30 series.
The Pixel 6 and Pixel 7 series. Any wearables using the Exynos W920 chipset.
Any vehicles using the Exynos Auto T5123 chipset.
It’s worth noting that Google has fixed the issues in the March security update for the Pixel 7 series.
However, the update hasn’t rolled out to the Pixel 6, Pixel 6 Pro, and Pixel 6a yet, meaning those phones aren’t are currently safe from hackers who are able to exploit the specified baseband internet remote code execution vulnerability.
“With limited additional research and development, we believe that skilled attackers could quickly create a working exploit to compromise affected devices silently and remotely,” Project Zero notes in its report.
While we wait for Samsung and other vendors to resolve the issues affecting Exynos chips, Google recommends disabling Wi-Fi calling and Voice-over-LTE (VoLTE) functionality on affected devices. You should also keep an eye out for any upcoming security updates and install them as soon as possible.
0 Comments