Eric Zeman / Android Authority
Galaxy S22 Ultra vs Pixel 6 Pro
TL;DR
- Google’s Project Zero has discovered 18 active vulnerabilities in Samsung’s Exynos modems.
- Four of these vulnerabilities could give hackers access to your phone by merely knowing your phone number.
- Affected devices using the unsafe Exynos modems include the Galaxy S22 series, Pixel 6 series, and several other phones.
Update: March 20, 2023 (1:16 AM ET): Samsung Semiconductor updated its advisories to remove the Exynos W920 as an affected chipset, so we have also removed it from the below-mentioned affected devices section. Moreover, Samsung has clarified to Google that the Galaxy A21s is the correct affected device, not the A21 as originally stated. We’ve also fixed that in the list of the affected devices.
Original article: March 17, 2023 (12:38 AM ET): Google’s Project Zero security research team has posted a blog highlighting active vulnerabilities in Samsung’s Exynos modems. Four of the 18 reported security issues with the Samsung chips in question are severe and could give hackers access to your phones with just the help of your phone number.
Security researchers usually don’t disclose vulnerabilities until after they’re resolved. However, it seems Samsung has been dragging its feet on the issue. Project Zero researcher Maddie Stone tweeted (via TechCrunch) that “end-users still don’t have patches 90 days after the report.”
According to researchers, the following phones and other devices, including vehicles, could be compromised if hackers were to exploit the at-risk Exynos chips:
- Samsung Galaxy S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series.
- Vivo S16, S15, S6, X70, X60 and X30 series.
- The Pixel 6 and Pixel 7 series.
- Any vehicles that use the Exynos Auto T5123 chipset.
Notably, Google has patched the issues in its March security update for the Pixel 7 series. However, the update still hasn’t reached the Pixel 6, Pixel 6 Pro, and Pixel 6a, which means these phones aren’t currently safe from hackers capable of exploiting the aforementioned internet-to-baseband remote code execution vulnerability.
“With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely,” Project Zero noted in its report.
How can you protect yourself?
While we wait for Samsung and other vendors to resolve the issues affecting the Exynos chips, Google recommends you turn off Wi-Fi calling and Voice-over-LTE (VoLTE) on the affected devices. You should also keep an eye out for any upcoming security updates and grab them as soon as possible.