Google has warned users regarding an alarming set of vulnerabilities found in certain Samsung chips, included in dozens of popular Android models, wearables, and vehicles. Google said that this set of vulnerabilities could be discovered and exploited soon. Google’s Project Zero head Tim Willis said that security researchers reported 18 zero-day vulnerabilities in Exynos modems produced by Samsung from late 2022 to early 2023.
Four Set of Vulnerabilities Won’t Even Require User Interaction
Tim says four top-severity flaws could compromise affected devices silently and remotely over the cellular network. “Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number,” reads the blog post.
The report said the other 14 vulnerabilities were not quite as severe, as they require either a malicious mobile network operator or an attacker with local access to the device. Project Zero researcher, Maddie Stone, said that Samsung had 90 days to patch the bugs, but it hasn’t yet. Samsung also confirmed in a March 2023 security listing that several Exynos modems are vulnerable, affecting several Android device manufacturers.
The Affected Devices
The list of affected devices likely includes:
• Samsung mobile devices, including the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series;
• Vivo mobile devices, including those in the S16, S15, S6, X70, X60 and X30 series;
• Google Pixel 6 and Pixel 7 series;
• Connected vehicles that use the Exynos Auto T5123 chipset
Also read: Google Chrome is World’s Most Vulnerable Browser, Claims Survey