Google Discovers 18 Zero-Day Vulnerabilities In Samsung Exynos Chips: What It Means

Google safety groups have found 18 zero-day vulnerabilities in Samsung Exynos chips utilized in a number of high Android smartphones and wearables which will put these gadgets in danger.

Google’s Project Zero head Tim Willis mentioned in a weblog submit that 4 most extreme of those vulnerabilities “allowed for Internet-to-baseband distant code execution”.

Tests conducted by Project Zero confirmed that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number.

With limited additional research and development, “we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely”, mentioned Google safety researchers.

“Until safety updates can be found, customers who want to defend themselves from the baseband distant code execution vulnerabilities in Samsung’s Exynos chipsets can flip off Wi-Fi calling and Voice-over-LTE (VoLTE) of their system settings,” mentioned Willis.

Turning off these settings will remove the exploitation risk of these vulnerabilities, he added.

The affected mobile devices are from Samsung, Vivo, Google (Pixel 6 and Pixel 7 series); any wearables that use the Exynos W920 chipset; and any vehicles that use the Exynos Auto T5123 chipset.

Google expects that patch timelines will vary per manufacturer, and affected Pixel devices have already received a fix.

“As always, we encourage end users to update their devices as soon as possible, to ensure that they are running the latest builds that fix both disclosed and undisclosed security vulnerabilities,” mentioned Google.

Read all of the Latest Tech News right here

(This story has not been edited by News18 workers and is revealed from a syndicated information company feed)