Google finds 18 zero-day vulnerabilities in Samsung Exynos chips: what it means
Google’s security teams have discovered 18 zero-day vulnerabilities in several top Android smartphones and Samsung Exynos wearable chips that could compromise those devices.
Google’s Project Zero director Tim Willis said in a blog post that the four most serious of these vulnerabilities “allow remote code execution from the Internet into baseband.”
Tests by Project Zero confirmed that these four vulnerabilities allow an attacker to remotely compromise a phone’s baseband without user intervention and only require the attacker to know the victim’s phone number.
With limited additional research and development, “we believe that skilled attackers will be able to quickly create a functional exploit to silently and remotely compromise affected devices,” said Google security researchers.
“Until security updates are available, users who want to protect against baseband code execution vulnerabilities in Samsung’s Exynos chipsets can turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings,” Willis said.
Disabling these settings eliminates the risk of exploiting these vulnerabilities, he added.
The relevant mobile devices are from Samsung, Vivo, Google (Pixel 6 and Pixel 7 series); all wearables using the Exynos W920 chipset; and all vehicles using the Exynos Auto T5123 chipset.
Google expects patch times to vary by manufacturer, and the affected Pixel devices have already received a patch.
“As always, we encourage end users to update their devices as soon as possible to ensure they are running the latest builds that address both disclosed and undisclosed security vulnerabilities,” said Google.
Read all the Latest Tech News here.
