Google’s Project Zero security team has discovered 18 zero-day vulnerabilities in Samsung’s Exynos chipsets, which are used in millions of smartphones and other devices worldwide.
These flaws put a significant number of users at risk of having their devices hacked.
These vulnerabilities were found in the baseband processors, also known as modems, which facilitate communication between a device and cellular networks.
As reported by BleepingComputer, hackers could potentially exploit these flaws to gain unauthorized access to users’ data or take control of their devices.
According to Tech Times, the vulnerabilities were discovered during a six-month investigation by Project Zero researchers, who examined Samsung’s modem codebase for potential security risks.
The team found issues in Samsung’s proprietary code, as well as in code shared by other modem manufacturers.
Maddie Stone, a Project Zero researcher, stated, “This research was done as part of Project Zero’s mission to make 0-days hard by understanding how they are found, used, and traded by attackers in the wild.”
End-users still don't have patches 90 days after report…. https://t.co/dkA9kuzTso
— Maddie Stone (@maddiestone) March 16, 2023
Although Samsung has provided other vendors with security updates that fix these vulnerabilities in affected chipsets, the patches are not publicly available and cannot be applied by all impacted users.
The patch timeline for each manufacturer’s devices may vary, but Google, for example, has already addressed CVE-2023-24033 for affected Pixel devices in its March 2023 security updates.
However, “until patches are available, users can thwart baseband RCE exploitation attempts targeting Samsung’s Exynos chipsets in their device by disabling Wi-Fi calling and Voice-over-LTE (VoLTE) to remove the attack vector,” according to the report.
Samsung also confirmed the efficacy of this workaround, stating that “users can disable WiFi calling and VoLTE to mitigate the impact of this vulnerability.”
“As always, we encourage end users to update their devices as soon as possible, to ensure that they are running the latest builds that fix both disclosed and undisclosed security vulnerabilities,” Willis added.
Samsung Exynos chipsets are used in various devices, including smartphones, tablets, and smartwatches, making this a widespread security concern.
The discovery of these vulnerabilities highlights the need for continued scrutiny and improvement in the cybersecurity field, especially as more and more devices rely on complex chipsets for communication and data processing.