Google’s Project Zero division has discovered a serious security flaw in the modem of some Samsung Exynos processors.
Several severe vulnerabilities present in the integrated modem on some Samsung Exynos processors, it would have exposed series devices Samsung Galaxy or google pixel released in recent years. It has been the specialized security division of Google, zero projectwho has discovered the breach and has worked together with Samsung with the aim of correcting the problems.
In the report, it is specified that the vulnerabilities affect both smartphones like wearable and other types of devices. The security flaw has been identified as CEVE-2023-24033 and refers to a gap that would allow remote code execution via Internet.
The Pixel 6 and 7 would be affected by the problem
Although Project Zero claims to have discovered a total of eighteen vulnerabilities during late 2022 and early 2023, acknowledge that four of them are especially serioussince they “allow an attacker to remotely compromise a device at the baseband level”, without the need for user interaction.
Attacks could be carried out simply knowing the victim’s phone numberand it is believed that expert attackers could have quickly created an exploit to take advantage of this gap in a “silent and remote” way.
From Samsung’s semiconductor division they have shared a list with affected device models for these security breaches. They are the following:
- Samsung Galaxy phones including S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series
- Vivo phones including S16, S15, S6, X70, X60 and X30 series
- Google Pixel 6 and 6 Pro, Pixel 6a, Pixel 7 and 7 Pro
- Any portable device using Exynos W920 chipset
- Any vehicle using the Exynos Auto T5123 chipset
Although the patch responsible for solving these vulnerabilities have been released together with the March Android security updateuntil such update is more widely available, owners of affected devices are advised to disable Wi-Fi and VoLTE calling features through the system settings. This prevents attackers from taking advantage of vulnerabilities for malicious purposes.