Samsung modem vulnerability

Google Discovers 18 Vulnerabilities in Samsung Modems on Millions of Devices

Published on: March 20, 2023
Last Updated: March 20, 2023

Google Discovers 18 Vulnerabilities in Samsung Modems on Millions of Devices

Published on: March 20, 2023
Last Updated: March 20, 2023

Google’s Project Zero security team has discovered 18 zero-day vulnerabilities in Samsung’s Exynos chipsets, which are used in millions of smartphones and other devices worldwide.

This revelation puts a significant number of users at risk of having their devices hacked.

These vulnerabilities were found in the baseband processors, also known as modems, which facilitate communication between a device and cellular networks.

As reported by BleepingComputer, hackers could potentially exploit these flaws to gain unauthorized access to users’ data or take control of their devices.

According to Tech Times, the vulnerabilities were discovered during a six-month investigation by Project Zero researchers, who examined Samsung’s modem codebase for potential security risks.

The team found issues in Samsung’s proprietary code, as well as in code shared by other modem manufacturers.

Maddie Stone, a Project Zero researcher, stated, “This research was done as part of Project Zero’s mission to make 0-days hard by understanding how they are found, used, and traded by attackers in the wild”.

Although Samsung has released security updates that fix these vulnerabilities in affected chipsets for other vendors, these patches are not publicly available and cannot be applied by all impacted users.

The patch timeline for each manufacturer’s devices may vary, but Google, for example, has already addressed CVE-2023-24033 for affected Pixel devices in its March 2023 security updates.

However, “until patches are available, users can thwart baseband RCE exploitation attempts targeting Samsung’s Exynos chipsets in their device by disabling Wi-Fi calling and Voice-over-LTE (VoLTE) to remove the attack vector,” according to the report.

Samsung also confirmed the efficacy of this workaround, stating that “users can disable WiFi calling and VoLTE to mitigate the impact of this vulnerability.”

“As always, we encourage end users to update their devices as soon as possible, to ensure that they are running the latest builds that fix both disclosed and undisclosed security vulnerabilities,” Willis added.

Samsung Exynos chipsets are used in various devices, including smartphones, tablets, and smartwatches, making this a widespread security concern.

The discovery of these vulnerabilities highlights the need for continued scrutiny and improvement in the cybersecurity field, especially as more and more devices rely on complex chipsets for communication and data processing.

Stay on top of the latest technology trends — delivered directly to your inbox, free!

Subscription Form Posts

Don't worry, we don't spam

Written by Husain Parvez

Husain has been around the internet ever since the dial-up days and loves writing about everything across the technosphere. He loves reviewing tech, writing about VPNs, and covering Cybersecurity news.