Samsung Exynos Modems Found Vulnerable to Security Bugs, Luckily There’s a Patch-up

Google warns users against remote hackers who can gain access to their phones.

Samsung's Exynos modems are found to be vulnerable to remote hacking, Google's zero-day hunting team Project Zero says in its latest post.

With that being said, users who have smartwatches, smartphones, and even cars equipped with these chipsets are told to be aware about the zero-day attacks.

Samsung Exynos Chips Vulnerable to Remote Code Execution

Samsung Exynos Modems Found to be Vulnerable to Security Bugs, But There's a Patch-Up You Can Do
Google discovers 18 zero-day vulnerabilities n many Android phones including those with Exynos modems. SCREEN POST from Unsplash

According to Mashable, 18 zero-day vulnerabilities were discovered by Google Project Zero in some devices with Samsung Exynos SoCs between late 2022 and early 2023.

The search engine giant claims that hackers behind this attack can potentially control the victim's smartphones and other devices remotely.

Additionally, they can even compromise the other existing files, photos, or videos in a smartphone, making it more vulnerable to theft.

Tim Willis, the Head of Project Zero, a skilled cybercriminal can easily take over an Exynos-powered device using only a victim's phone number.

"Due to a very rare combination of level of access these vulnerabilities provide and the speed with which we believe a reliable operational exploit could be crafted, we have decided to make a policy exception to delay disclosure for the four vulnerabilities that allow for Internet-to-baseband remote code execution," Willis said.

Bleeping Computer wrote this week that CVE-2023-24072, CVE-2023-24073, CVE-2023-24074, CVE-2023-24075, CVE-2023-24076, and nine more security flaws are not considered to be critical. However, they should not be underestimated since they can still exploit a device via remote access.

Affected Devices by Zero-Day Vulnerabilities

In case you suspect your smartphone or any other devices as one of the affected models by zero-day vulnerabilities, check this list as reference.

  • Samsung S22
  • Samsung M33
  • Samsung M13
  • Samsung M12
  • Samsung A71
  • Samsung A53
  • Samsung A33
  • Samsung A21
  • Samsung A13
  • Samsung A12
  • Samsung A04
  • Google Pixel 6
  • Google Pixel 7
  • Vivo S16
  • Vivo S15
  • Vivo S6
  • Vivo X70
  • Vivo X60
  • Vivo X30
  • Pixel Watch 4
  • Pixel Watch 5
  • Any vehicles with Exynos Auto T5123 chipset
  • Any wearables with Exynos W920

It's important to note that Samsung Semiconductor released an updated advisory about the Exynos-powered devices on Friday, March 17.

Sam Mobile reports that the update is removing Exynos W920 chipset as an affected SoC.

Temporary Fix You Can Do With Affected Device

It should be noted that some devices are left unpatched although regular updates have been issued by Samsung in some of its products.

As a quick workaround regarding the zero-day issue on Exynos devices, Samsung says that Project Zero's trick to disable WiFi calling and VoLTE could likely avoid this from happening. They are accessible in the settings.

However, they might experience lower quality when it comes to voice calls, but at least their smartphones and devices will be spared from unwanted access from the threat actors.

Joseph Henry
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics