Dangerous vulnerabilities in Samsung and Google smartphones

Google's security department warns of dangerous vulnerabilities that attackers can use to take control of smartphones. All they need to do is know the phone number. Several Samsung devices and Google Pixel phones are affected. Users should act quickly.

By Dan Oproiu | Published 3 months ago | 3 min read

Critical security gaps exist in many current smartphones and other devices, some of which cannot yet be closed by updates. Security researchers from Google's Project Zero write that the four most serious vulnerabilities out of a total of 18 allowed attackers to gain full control over devices. All you would need to know is a victim's phone number.

According to the blog post, Project Zero assumes that experienced attackers could quickly create an operational exploit, without much effort, to remotely compromise affected devices unnoticed. The flaws are in Exynos modems from Samsung. Not only devices from the South Korean company are threatened, but also those of other manufacturers.

Google itself was also affected

Based on the list of vulnerable Exynos chipsets, Project Zero assumes that the Samsung Galaxy smartphones S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 as well as Google's Pixel 6 and Pixel 7 devices are affected. The vulnerability also threatens all smartwatches and other wearables with the Exynos W920 chipset and all cars that have the Exynos Auto T5123 installed.

For the Pixel 7 and Pixel 7 Pro, the vulnerabilities are currently being fixed by the March security update. When the update for the Pixel 6 series and the other devices mentioned will arrive is still open. The security researchers advise users to disable Wi-Fi calling and VoLTE in the settings. This would eliminate the threat, they write.

Typically, Project Zero discloses vulnerabilities at a given point in time, whether or not a vendor has responded by then. In the case of the four particularly critical vulnerabilities, the security researchers make a rare exception and continue to wait. One reason for this is that attackers can very quickly exploit the vulnerabilities with the information.

Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction.

The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo, and Google, as well as wearables using the Exynos W920 chipset and vehicles equipped with the Exynos Auto T5123 chipset.

Four of the 18 flaws make it possible for a threat actor to achieve internet-to-baseband remote code execution, Google Project Zero, which reported the issues in late 2022 and early 2023, said.

"[The] four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number," Tim Willis, head of Google Project Zero, said.

In doing so, a threat actor could gain entrenched access to cellular information passing in and out of the targeted device. Additional details about the bugs have been withheld.

"Until security updates are available, users who wish to protect themselves from the baseband remote code execution vulnerabilities in Samsung's Exynos chipsets can turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings," said Willis.

Turning off these settings will remove the exploitation risk of these vulnerabilities, he added.

The affected mobile devices are from Samsung, Vivo, Google (Pixel 6 and Pixel 7 series); any wearables that use the Exynos W920 chipset; and any vehicles that use the Exynos Auto T5123 chipset.

Google expects that patch timelines will vary per manufacturer, and affected Pixel devices have already received a fix.

"As always, we encourage end users to update their devices as soon as possible, to ensure that they are running the latest builds that fix both disclosed and undisclosed security vulnerabilities," said Google.

About the Creator

Dan Oproiu

Dan Oproiu is an IT Programmer, providing digital transformation services for businesses from small sized to large enterprises.
