Google has dedicated a security research team to finding loopholes that enable hackers to extort users. The Project Zero team found a vulnerability in Samsung Exynos modems. Needless to say, these modems are used in different smartphones, including the Pixel 6, 7, and some Galaxy phones like the Galaxy S22 and A53.
In a blog post, the team shows that the Exynos modems have serious vulnerabilities. What’s more, these vulnerabilities can help cyber attackers in getting access to users’ smartphones at the baseband level without any user interaction. All they need is the user’s phone number, and they are good to go. Samsung has to do something to fix this, and I think it is on its way to combat these issues.
Experienced Hackers Can Effectively Exploit Samsung Samsung Modem Vulnerabilities…
The Project Zero team warns the Galaxy phone maker that a professional hacker can easily exploit the issue. Most importantly, the hacker does not need any high-resolution technique but limited additional research and development.
Google claims that this month’s security patch will surely fix the problem. However, its flagship devices, including Google Pixel 6, 6 Pro, and 6A, will not receive the security patch. If you have one of the following devices, you are at risk of becoming a victim:
- Galaxy A04, A12, A13, A21, A33, A71, M12, M33, M13, and S22 series.
- Vivo X30, X60, X70, S6, S15 and S16 series.
Other than this, your smart vehicles and wearables are at risk if they are powered by the Exynos Auto T5123 or Exynos W920 chipsets. Most importantly, hackers will need to use one of the affected Samsung Exynos modems to get into the devices.
Gizchina News of the week
I listed the S22 series in the list, but there is a slight sign of relief for Samsung Galaxy S22 owners. The reason is that devices outside Europe and some African countries use Qualcomm chipsets; therefore, they are safe.
However, most mid-range Samsung smartphones, such as the A53 and European S22 series, are vulnerable to hacking attempts. S21 and S23 are safe as major Samsung flagship devices feature Qualcomm processors.
How To Protect Yourself From These Vulnerabilities?
In total, Google’s team found 18 vulnerabilities, and these are not minor ones that can be easily exploited. The Project Zero team suggests users turn off Wi-Fi calling and Voice-over-LTE. Traditionally, security researchers wait until a fix is available, but it’s too early to reveal this time.
That gives hackers plenty of time to make the most of this exploit. Maddie Stone, a Project Zero researcher, tweeted, “End users still don’t have patches 90 days after the report.” This means that smartphone manufacturers will have to deal with these exploits on their own.
In numbers, there are nearly 18 vulnerabilities in Samsung Exynos modems, and four of them are highly severe. These four can allow “Internet-to-baseband remote code execution,” and Google says there is no fix for this at the moment. It is also not sharing any additional information.
All the other vulnerabilities are minor, requiring “either a malicious mobile operator or an attacker with local access to the device.” Overall, these are not good signs for Samsung, as the company is working on marketing its Exynos chips for a greater purpose.