Google security researchers discovered 18 flaws in Samsung Exynos chips used in popular Android devices and wearables. These flaws, according to the security team, put the devices at risk of compromise.
The four most critical vulnerabilities, according to Google Project Zero chief Tim Willis, “allow for internet-to-baseband remote code execution.” Google security engineers confirmed that the four flaws might allow an attacker to remotely compromise a phone at the baseband level without any user interaction. To do so, the attacker needs only the victim’s phone number. Google security researchers also commented on how readily the flaws could be exploited. “We believe that competent attackers would be able to swiftly construct an operational exploit to silently infect susceptible devices,” they stated.
Samsung, Vivo, and Google mobile devices are among those affected
“Until security updates are available, users who wish to protect themselves from the baseband remote code execution vulnerabilities in Samsung’s Exynos chipsets can turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings,” said Willis. If users turn off these settings, it will remove the exploitation risk of these vulnerabilities, he added.
Mobile devices from Samsung, Vivo, and Google (Pixel 6 and Pixel 7 series) are among those affected. Additionally, any wearables equipped with the Exynos W920 chipset and automobiles equipped with the Exynos Auto T5123 chipset are listed as ‘devices at risk.’ The affected Google Pixel devices have been fixed. Patch timelines for other brands, however, will vary by manufacturer. “As always, we encourage end users to update their devices as soon as possible, to ensure that they are running the latest builds that fix both disclosed and undisclosed security vulnerabilities,” said Google.
Based on the list of affected chipsets provided by Samsung, the list of affected devices includes but is likely not limited to:
- Mobile devices from Samsung, including those in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series;
- Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series;
- The Pixel 6 and Pixel 7 series of devices from Google;
- Any wearables that use the Exynos W920 chipset; and
- Any vehicles that use the Exynos Auto T5123 chipset.