March 22, 2023

Dangerous zero-day vulnerabilities found in Samsung Exynos modems affect Samsung Galaxy phones, Google Pixel 6s and 7s, select wearables, and more. Here is what to expect, the steps to take, and how to find out whether your device(s) is affected.

Google’s Project Zero discovered eighteen zero-day vulnerabilities in Exynos modems, of which seven were designated as “most severe” and could allow an attacker, with an exploited phone number, to intercept data passing through the modem and obtain data from text messages and phone calls. Project Zero’s blog states that these exploits affect phones manufactured between late 2022 and early 2023.

The team explains that their testing found that “these four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number. With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.”

In case you are wondering, the zero-day vulnerability designation means a security loophole that must be fixed immediately and may already be actively exploited. So, until individual manufacturers are able to push official patches, it’s advised that owners turn off Wi-Fi calling and VoLTE (Voice over LTE) immediately to avoid being a target.

Based on the CVE (Common Vulnerabilities and Exposures) ID listed in the blog, we can determine that the affected Samsung Exynos chipsets are Exynos 980, Exynos 1080, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. The blog also lists likely affected products:

  • Samsung Galaxy smartphones, including the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series;

  • Vivo smartphones, including the S16, S15, S6, X70, X60 and X30 series;

  • Google smartphones, including the Pixel 6 and Pixel 7 series; and

  • Vehicles that use the Exynos Auto T5123, which is a 5G-enabled SoC.

Additionally, apart from the temporary fixes mentioned above, Google also advises users to frequently check and update their devices with the latest patches to ensure that they’re protected from these security vulnerabilities.
