Google Uncovers 18 Extreme Safety Vulnerabilities in Samsung Exynos Chips

Mar 17, 2023Ravie LakshmananCellular Safety / Firmware

Google is looking consideration to a set of extreme safety flaws in Samsung’s Exynos chips, a few of which might be exploited remotely to utterly compromise a cellphone with out requiring any consumer interplay.

The 18 zero-day vulnerabilities have an effect on a variety of Android smartphones from Samsung, Vivo, Google, wearables utilizing the Exynos W920 chipset, and automobiles outfitted with the Exynos Auto T5123 chipset.

4 of the 18 flaws make it attainable for a menace actor to attain internet-to-Samsung, Vivo, and Google, in addition to wearables utilizing the Exynos W920 chipset and vehicleses in late 2022 and early 2023, mentioned.

“[The] 4 vulnerabilities permit an attacker to remotely compromise a cellphone on the baseband stage with no consumer interplay, and require solely that the attacker know the sufferer’s cellphone quantity,” Tim Willis, head of Google Mission Zero, mentioned.

In doing so, a menace actor might achieve entrenched entry to mobile info passing out and in of the focused system. Further particulars in regards to the bugs have been withheld.

The assaults may sound prohibitive to execute, however, on the contrary, they’re nicely inside attain of expert attackers, who can shortly devise an operational exploit to breach affected gadgets “silently and remotely.”

The remaining 14 flaws are mentioned to be not as extreme, because it necessitates a rogue cellular community insider or an attacker with native entry to the system.

Whereas Pixel 6 and seven handsets have already obtained a repair as a part of March 2023 safety updates, patches for different gadgets are anticipated to fluctuate relying on the producer’s timeline.

Till then, customers are really useful to modify off Wi-Fi calling and Voice over LTE (VoLTE) of their system settings to “take away the exploitation danger of those vulnerabilities.”