According to Google's research team, Project Zero, a total of 18 zero-day vulnerabilities have been uncovered in the Exynos modem built into some phones. Of these, 4 are severe.
Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only knowledge of the victim’s phone number. A phone number is easy to obtain, so an attacker with the skills to understand and develop the exploit could silently compromise the device.
According to the researchers, the other vulnerabilities require either a malicious mobile network operator or an attacker with physical access to the Android device. Vulnerable devices include:
Samsung smartphones, including those in the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series;
Vivo smartphones, including those in the S16, S15, S6, X70, X60 and X30 series;
Google Pixel 6 and Pixel 7 devices; and
Vehicles that use the Exynos Auto T5123 chipset.
Note that devices using a Qualcomm chipset and modem instead of Exynos are not affected by these vulnerabilities.
Recommendation
Google’s recommendation is that you change your device’s settings to switch off Wi-Fi calling and Voice over LTE (VoLTE), until a fix for your smartphone is available.
Additionally, Google has already issued a security patch for your smartphone with its March 2023 security update. However, if you’re the owner of a vulnerable Samsung smartphone, fixes still aren’t available according to at least one Google Project Zero researcher.