Google has discovered serious vulnerabilities in a number of mobile phones that could allow hackers to gain control

Project Zero, the Google team working on zero-day vulnerabilities, reports that it has discovered a number of vulnerabilities in mobile chips produced by South Korean mobile giant Samsung.

In a post on its blog, Project Zero states that it discovered a total of 18 zero-day vulnerabilities in Samsung’s Exynos modem chips. Bleeping Computer was among those who wrote about the case.

Facilitates remote attacks

Not all vulnerabilities are equally dangerous, but the most serious ones can have very severe consequences, according to security researchers.

Tests conducted by Project Zero confirm that the four most serious vulnerabilities allow an attacker to compromise a phone at the baseband level without any user interaction, requiring only that the attacker know the victim’s phone number, the security researchers wrote, adding:

– With a little research and development, we believe that proficient attackers will be able to quickly create an “exploit” (software that exploits vulnerabilities, editor’s note) to silently infiltrate devices remotely.

The vulnerable Exynos chips are found in a number of mobile phone models produced by Samsung itself, but also in a range of other mobile phones. Samsung has published an overview of exactly which chips are affected. Based on this information, it is possible to infer which mobile phone models are covered by the vulnerabilities.

These include the Samsung S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12, and A04 models. In addition, the chips in question are present in the Vivo S16, S15, S6, X70, X60, and X30 models, and in Google’s own Pixel 6 and Pixel 7 phones.

Turn off Wi-Fi calling and VoLTE

Some phones use either Exynos chips or Qualcomm chips, depending on the region. For example, the European version of the Samsung S22 uses an Exynos chip and is therefore vulnerable, while the US version of the S22 uses Qualcomm chips.

Only one of the four most critical security vulnerabilities had been assigned a tracking identifier at the time of writing, CVE-2023-24033. This has a CVSS severity rating of 9.8 out of 10, making it a serious security vulnerability.

Project Zero states that the remaining 14 vulnerabilities, most of which have not yet been assigned a tracking identifier, can only be exploited by a malicious network operator or by an attacker with local access to the device. These are therefore less dangerous than the four critical ones.

According to Project Zero, patch arrival times will vary by manufacturer. Samsung has already released a patch for the aforementioned critical CVE-2023-24033 vulnerability, but as reported by Bleeping Computer, among others, at the time of writing this patch has not reached end users.

Until all fixes are in place, users can protect themselves from exploits by turning off Wi-Fi calling and VoLTE (Voice-over-LTE) as a temporary workaround. It is also highly recommended to keep your device up to date with the latest updates.

You can find more information about the results at Project Zero.

Hanisi Anenih
