Briefly: Google has issued a warning to customers of sure Android handsets, wearables, and autos after its Venture Zero staff of safety analysts reported eighteen zero-day vulnerabilities in Exynos Modems produced by Samsung.
Google Venture Zero head Tim Willis wrote that the 4 most critical of the eighteen vulnerabilities, all of which had been reported in late 2022 and 2023, enable an attacker to remotely compromise a cellphone on the baseband degree with no consumer interplay. Compromising a susceptible machine would solely require an attacker to know a goal’s cellphone quantity.
A hacker exploiting one of many vulnerabilities would achieve complete entry to all the information transferring to and from the machine, together with calls, texts, and mobile knowledge. Willis writes that expert attackers may rapidly create an operational exploit to compromise affected gadgets silently and remotely.
The remaining 14 vulnerabilities weren’t as extreme, as they require both a malicious cell community operator or an attacker with native entry to the machine.
Pixel homeowners do not have to fret
Google listed among the gadgets that includes the Exynos chipsets which might be possible impacted by the vulnerabilities:
- Cellular gadgets from Samsung, together with these within the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 sequence
- Cellular gadgets from Vivo, together with these within the S16, S15, S6, X70, X60 and X30 sequence
- The Pixel 6 and Pixel 7 sequence of gadgets from Google
- Any wearables that use the Exynos W920 chipset (inc., the Galaxy Watch 4 and 5)
- Any autos that use the Exynos Auto T5123 chipset.
The excellent news for homeowners of affected Pixel gadgets is that they had been already patched within the March 2023 safety replace. Venture Zero researcher Maddie Stone tweeted that regardless of having 90 days to patch the vulnerabilities, Samsung nonetheless hasn’t finished so.
Finish-users nonetheless do not have patches 90 days after report…. https://t.co/dkA9kuzTso
— Maddie Stone (@maddiestone) March 16, 2023
For homeowners of the handsets which have but to be patched, Google recommends switching off Wi-Fi calling and Voice over LTE (VoLTE) within the machine settings to take away the exploitation danger of those vulnerabilities.