The internal team of Google called Project Zero is dedicated to detect vulnerabilities of day zero in devices and software, especially related to mobiles. This includes open source processors, browsers and libraries used by these devices. At the end of 2022 and beginning of 2023, this team detected and reported 18 vulnerabilities zero-day found in modems samsung exynos. These are present in a multitude of brand devices.
Some of the vulnerabilities found are capable of run internet code at baseband level. As reported by this team, these vulnerabilities allow the attack to an affected user just knowing the phone number of this. The rest don’t seem to be as severe as it takes locally access the device or have a mobile phone operator that has bad intentions.
device list It does not only affect Samsungbut other brands also have this Exynos modem and therefore these vulnerabilities, among them we find:
- samsung of the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series.
- Alive S16, S15, S6, X70, X60 and X30 series.
- Google Pixel 6 and 7.
- chipped devices Exynos W920.
- chipped vehicles Exynos Auto T5123.
For the time being, and waiting for the data to be made available to users. patches that fix these vulnerabilitiesfrom Project Zero we recommend disable calls via Wifi and VoLTE on our devices. In this way, the options of exploiting these vulnerabilities will be considerably reduced.
End of Article. Tell us something in the Comments!
Juan Antonio Soto
I am a Computer Engineer and my specialty is automation and robotics. My passion for hardware began at the age of 14 when I gutted my first computer: a 386 DX 40 with 4MB of RAM and a 210MB hard drive. I continue to give free rein to my passion in the technical articles that I write at Geeknetic. I spend most of my free time playing video games, contemporary and retro, on the 20+ consoles I own, in addition to the PC.