Techno Blender
Digitally Yours.

Google finds major security flaw in smartphones with Samsung Exynos modems: list of devices affected

0 45


Furthermore, the team has also warned that hackers could exploit the issue “with only limited additional research and development.” While Google said the March security update for Pixel phones should fix the issue, it was not available for the Pixel 6, Pixel 6 Pro, and Pixel 6a yet.

List of devices at risk

According to researchers, the devices that may be at risk include the Samsung Galaxy S22, Galaxy M33, Galaxy M13, Galaxy M12, Galaxy A71, Galaxy A53, Galaxy A33, Galaxy A21, Galaxy A13, Galaxy A12 and Galaxy A04. Besides Samsung phones, Vivo phones such as the Vivo S16, Vivo S15, Vivo X70, Vivo X60, and Vivo X30 series. Any wearable and vehicle that uses the Exynos W920 and Exynos Auto T5123 chipsets are also vulnerable.

Do note that not all the models mentioned above are vulnerable as they have to use the affected Samsung modems. The Samsung Galaxy S22 models sold outside of Europe and some African countries have a Qualcomm processor and use the in-house modem. This means they should be safer to use.

The Samsung Galaxy S21 and Galaxy S23 models could be safe to use since they use Qualcomm worldwide, and the older ones with the Exynos chips use a modem that doesn’t appear on Samsung’s list of chips that are affected. If you are worried whether your device might be affected, team Project Zero says users can protect themselves by turning off Wi-Fi calling and voice-over LTE.

Still no fix yet

Traditionally, security researchers report about the bugs/vulnerabilities only when a fix is available or until it’s been a certain amount of time since they reported it and there appears to be no fix in sight. In this case, the latter appears to be the case as TechCrunch notes, Project Zero researcher Maddie Stone tweeted that “end-users still don’t have patches 90 days after the report.” This could be a problem on Samsung and other vendors’ part as they need to deal with it.

Project Zero in total found 18 vulnerabilities in the modems. Four among them are really bad ones that allow “Internet-to-baseband remote code execution.” Google says that it is not sharing additional information on those at the moment. The rest are minor that requires “either a malicious mobile network operator or an attacker with local access to the device.”




Furthermore, the team has also warned that hackers could exploit the issue “with only limited additional research and development.” While Google said the March security update for Pixel phones should fix the issue, it was not available for the Pixel 6, Pixel 6 Pro, and Pixel 6a yet.

List of devices at risk

According to researchers, the devices that may be at risk include the Samsung Galaxy S22, Galaxy M33, Galaxy M13, Galaxy M12, Galaxy A71, Galaxy A53, Galaxy A33, Galaxy A21, Galaxy A13, Galaxy A12 and Galaxy A04. Besides Samsung phones, Vivo phones such as the Vivo S16, Vivo S15, Vivo X70, Vivo X60, and Vivo X30 series. Any wearable and vehicle that uses the Exynos W920 and Exynos Auto T5123 chipsets are also vulnerable.

Do note that not all the models mentioned above are vulnerable as they have to use the affected Samsung modems. The Samsung Galaxy S22 models sold outside of Europe and some African countries have a Qualcomm processor and use the in-house modem. This means they should be safer to use.

The Samsung Galaxy S21 and Galaxy S23 models could be safe to use since they use Qualcomm worldwide, and the older ones with the Exynos chips use a modem that doesn’t appear on Samsung’s list of chips that are affected. If you are worried whether your device might be affected, team Project Zero says users can protect themselves by turning off Wi-Fi calling and voice-over LTE.

Still no fix yet

Traditionally, security researchers report about the bugs/vulnerabilities only when a fix is available or until it’s been a certain amount of time since they reported it and there appears to be no fix in sight. In this case, the latter appears to be the case as TechCrunch notes, Project Zero researcher Maddie Stone tweeted that “end-users still don’t have patches 90 days after the report.” This could be a problem on Samsung and other vendors’ part as they need to deal with it.

Project Zero in total found 18 vulnerabilities in the modems. Four among them are really bad ones that allow “Internet-to-baseband remote code execution.” Google says that it is not sharing additional information on those at the moment. The rest are minor that requires “either a malicious mobile network operator or an attacker with local access to the device.”

FOLLOW US ON GOOGLE NEWS

Read original article here

Denial of responsibility! Techno Blender is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.
Leave a comment