The Exynos chipsets from Samsung, which are used in smartphones, mobile devices, wearable technology, and automobiles, have 18 security issues, according to Google’s Project Zero security study team. Four of the 18 reported flaws are serious, and with just the user’s phone number, cybercriminals could remotely hack smartphones.
Tim Willis, head of Project Zero, said tests performed by the company confirmed that those four vulnerabilities enable a hacker to “remotely compromise a phone at the baseband level with no user interaction”.
According to Mr. Willis, experienced attackers could easily develop a working exploit to silently and remotely compromise affected devices with only a small amount of additional research and development. The 14 additional vulnerabilities, according to the study, are less dangerous because they don’t require a malicious mobile network operator or an intruder with physical access to the target device.
Mobile phones from Samsung, a South Korean firm, in the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12, and A04 series are among those that are impacted. Other gadgets include the Exynos Auto T5123 chipset-powered cars and the S16, S15, S6, X70, X60, and X30 line smartphones from Chinese manufacturer Vivo.
In accordance with its standard disclosure policy, Project Zero notifies the public of security flaws a predetermined amount of time after disclosing them to a vendor of software or hardware. Researchers from Project Zero anticipate that manufacturers will have different fix release schedules. For instance, a security update was already applied to affected Pixel smartphones this month. Google has already fixed the bugs on Pixel 7 series phones, but the Pixel 6 series phones have not yet received the update.
Google advises users with affected devices to disable Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings in the interim to safeguard themselves from the vulnerabilities. Phones and carriers transmit our voices over VoLTE while we are on a conversation. In order to make sure their devices are running the most recent builds that patch both publicly known and privately known security vulnerabilities, Mr. Willis advised end users to update their devices as soon as feasible.
The problems with the Exynos chips haven’t been solved by Samsung, which was last year’s top smartphone maker, or other vendors. In September of last year, Samsung disclosed that a cyber security breach in July had resulted in the exposure of some US customers’ confidential data.