Google Uncovers 18 Extreme Safety Vulnerabilities in Samsung Exynos Chips

Mar 17, 2023Ravie LakshmananCell Safety / Firmware

Google is asking consideration to a set of extreme safety flaws in Samsung’s Exynos chips, a few of which may very well be exploited remotely to fully compromise a telephone with out requiring any person interplay.

The 18 zero-day vulnerabilities have an effect on a variety of Android smartphones from Samsung, Vivo, Google, wearables utilizing the Exynos W920 chipset, and automobiles outfitted with the Exynos Auto T5123 chipset.

4 of the 18 flaws make it potential for a menace actor to realize internet-to-Samsung, Vivo, and Google, in addition to wearables utilizing the Exynos W920 chipset and vehicleses in late 2022 and early 2023, mentioned.

“[The] 4 vulnerabilities permit an attacker to remotely compromise a telephone on the baseband stage with no person interplay, and require solely that the attacker know the sufferer’s telephone quantity,” Tim Willis, head of Google Mission Zero, mentioned.

In doing so, a menace actor may achieve entrenched entry to mobile info passing out and in of the focused system. Extra particulars in regards to the bugs have been withheld.

The assaults may sound prohibitive to execute, however, on the contrary, they’re properly inside attain of expert attackers, who can shortly devise an operational exploit to breach affected gadgets “silently and remotely.”

The remaining 14 flaws are mentioned to be not as extreme, because it necessitates a rogue cellular community insider or an attacker with native entry to the system.

Whereas Pixel 6 and seven handsets have already obtained a repair as a part of March 2023 safety updates, patches for different gadgets are anticipated to range relying on the producer’s timeline.

Till then, customers are really useful to modify off Wi-Fi calling and Voice over LTE (VoLTE) of their system settings to “take away the exploitation threat of those vulnerabilities.”