News

Certain Samsung Phones Susceptible to 18 Zero-Days Vulnerabilities

As far as security flaws go, zero-day vulnerabilities are among the worst. These vulnerabilities were unknown to the developer of the software, opening the risk that bad actors could find an exploit before a patch could be created. Samsung is currently dealing with a zero-day crisis in its smartphones, as some are susceptible to a whopping 18 zero-days. Researchers at
March 21, 2023
 / 
meritsolutions
 / 
Leave a Comment
 / 
Image

As far as security flaws go, zero-day vulnerabilities are among the worst. These vulnerabilities were unknown to the developer of the software, opening the risk that bad actors could find an exploit before a patch could be created. Samsung is currently dealing with a zero-day crisis in its smartphones, as some are susceptible to a whopping 18 zero-days.

Researchers at Google Project Zero discovered the 18 zero-day vulnerabilities between last last 2022 and early 2023. These zero-days affect Samsung phones with an Exynos modem, which is good news for Samsung users in the US, since the company opts for Qualcomm parts over Exynos. For much of the world, however, where Exynos Samsung smartphones are hugely popular, this is a major concern.

The group of 18 vulnerabilities includes four that allow for “internet-to-baseband remote code execution,” which would allow bad actors to issue a zero-click attack if they knew the victim’s phone number. A zero-click attack means the victim doesn’t have to do anything on their end to trigger the attack, making them incredible dangerous. And, since the attack deals with the phone’s modem, hackers would have access to things like calls and texts.

Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction and require only that the attacker know the victim’s phone number … With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.

Tim Willis, head of Project Zero

The following devices are reportedly affected by the vulnerabilities:

  • Exynos 850
  • Exynos 980
  • Exynos 1080
  • Exynos 1280
  • Exynos 2200
  • Exynos Modem 5123
  • Exynos Modem 5300
  • Exynos Auto T5123
  • Mobile devices from Samsung: S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series
  • Mobile devices from Vivo: S16, S15, S6, X70, X60 and X30 series
  • Mobile devices from Google: Pixel 6 and Pixel 7 series
  • Any wearables that use the Exynos W920 chipset
  • Any vehicles that use the Exynos Auto T5123 chipset

If your device is affected, the current advice is to turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in your phone’s settings. Samsung will likely issue a patch for these issues soon.

Photo by Daniel Romero on Unsplash

Share This

Leave a Reply

More Articles

Featured image for “Don’t Send Important Business Information Over SMS”
Apr. 16, 2024

Don’t Send Important Business Information Over SMS

Featured image for “How Following Cybersecurity Best Practices Keeps Your Accounts Safe”
Apr. 16, 2024

How Following Cybersecurity Best Practices Keeps Your Accounts Safe

Featured image for “Do You Know What’s in That Browser Extension?”
Apr. 09, 2024

Do You Know What’s in That Browser Extension?

Featured image for “AI Poses Risk to U.K. Elections”
Apr. 09, 2024

AI Poses Risk to U.K. Elections

Featured image for “New macOS Malware Tricks Users Into Enabling It”
Apr. 01, 2024

New macOS Malware Tricks Users Into Enabling It

View All

Sign Up for weekly MERIT Security Briefing

By signing up, you agree to our Privacy Policy.