Several zero days are plaguing Android devices with Samsung chips, warns Google

Share to friends
Listen to this article

Google is warning that some Samsung-powered Android gadgets are affected by high-severity vulnerabilities which permit menace actors to compromise the endpoints remotely with out user interplay.

In a weblog post revealed on the Project Zero web site earlier this week, Google’s researchers said that they reported 18 zero-day vulnerabilities discovered in Samsung’s Exynos Modems in late 2022 and early 2023. Of these 18, 4 are high-severity, permitting for internet-to-baseband distant code execution.

With many organizations counting on cellular gadgets power their workforce, financially-motivated hackers, in addition to state-sponsored menace actors from China and Russia, for instance, will search to use these flaws in malicious campaigns of knowledge theft and espionage.

No user interplay required

“Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number. With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely,” the researchers said.

Read more

> Google warns tens of millions of Android gadgets may very well be liable to assault on account of this flaw

> This creepy Android flaw can detect your identification and even gender

> These are one of the best malware elimination instruments round

Of the 4 vulnerabilities, only one has an assigned CVE – CVE-2023-24033. The different three are pending. 

Given that the Android ecosystem is decentralized, the velocity at which the failings obtain patches relies on the producers. Google, for instance, has already patched these flaws for its Pixel smartphone lineup, in its March update. 

For others, reminiscent of Samsung, or Vivo, it relies on how briskly these corporations react. For that cause, Google determined to not share more particulars in regards to the flaws, in order to not give the attackers any head begin.

In anticipation of the patch, IT groups who’re frightened in regards to the flaws can go for a workaround – turning off Wi-Fi calling and Voice-over-LTE (VoLTE) primarily renders the vulnerabilities innocent.

Here’s the total checklist of all of the affected gadgets, as per Google’s Project Zero:

  • Mobile gadgets from Samsung, together with these in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 collection;
  • Mobile gadgets from Vivo, together with these in the S16, S15, S6, X70, X60 and X30 collection;
  • The Pixel 6 and Pixel 7 collection of gadgets from Google;
  • any wearables that use the Exynos W920 chipset; and
  • any automobiles that use the Exynos Auto T5123 chipset.

Given that the failings only have an effect on Android gadgets operating on Exynos, the information comes as an surprising win for Qualcomm, particularly in the SMB sector. Whether or not the corporate capitalizes on the information and the way stays to be seen.

  • Here’s our rundown of one of the best endpoint safety providers right now

Via: TechCrunch