Google’s Project Zero security research team has discovered 18 security issues related to Samsung’s Exynos chipsets used in smartphones, mobile devices, wearables and cars.
Four of the 18 reported vulnerabilities are critical and could allow cybercriminals to remotely hack smartphones using just a user’s phone number.
Tim Willis, head of Project Zero, said that tests conducted by the company confirmed that the four vulnerabilities allow a hacker to “remotely spoof a phone at the baseband level without user interaction.”
“With limited additional research and development, we believe that skilled attackers will be able to quickly create a functional exploit to silently and remotely compromise affected devices,” Willis said.
The other 14 vulnerabilities are less serious, as they require either a malicious mobile network operator or an attacker with local access to the device, according to the report.
Affected mobile devices include South Korean maker Samsung’s S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series phones.
Other devices include Chinese brand Vivo’s S16, S15, S6, X70, X60 and X30 series phones; Google’s Pixel 6 and Pixel 7 series phones; and all vehicles using the Exynos Auto T5123 chipset.
In accordance with its standard disclosure policy, Project Zero discloses security vulnerabilities to the public a certain period of time after it has reported them to a software or hardware vendor.
It’s still not clear.
Project Zero researchers expect patch times to vary by manufacturer. For example, the affected Pixel devices have already received a security update this month. While Google has already fixed the issues for the Pixel 7 series phones, the update has yet to reach the Pixel 6 series phones.
In the meantime, Google says that users with affected devices can protect themselves from the vulnerabilities by disabling Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings. VoLTE is the way phones and carriers transmit voice during a call.
“We encourage end users to update their devices as soon as possible to ensure they are running the latest builds that address both disclosed and undisclosed security vulnerabilities,” Willis said.
Samsung, which was the largest smartphone maker last year, and other vendors have yet to resolve the issues affecting Exynos chips.
In September of last year, Samsung said that it had suffered a security breach in July that exposed the personal information of some customers in the United States.
Updated: March 18, 2023, 4:00 am