Google warns of severe security risks on several phones (updated)

[ad_1]

Samsung Galaxy S22 Ultra and Google Pixel 6 Pro wallpaper on the table

Eric Zeeman / Android Authority

Galaxy S22 Ultra vs Pixel 6 Pro

TL; DR

  • Google’s Project Zero discovered 18 active vulnerabilities in Samsung’s Exynos modems.
  • Four of these vulnerabilities can give hackers access to your phone just by knowing your phone number.
  • Affected devices that use unsecured Exynos modems include the Galaxy S22 series, Pixel 6 series, and several other phones.

Update: March 20, 2023 (1:16 a.m. ET): Samsung Semiconductor has updated the file Warnings To remove the Exynos W920 as an affected chip, so we have also removed it from the affected devices section mentioned below. Furthermore, Samsung has indicated to Google that the Galaxy A21s is the correct affected device, not the A21 as originally stated. We also fixed that in the list of affected devices.


Original article: March 17, 2023 (12:38 a.m. ET): Google’s Project Zero is owned by the security research team Post a blog Highlighting active vulnerabilities in Samsung Exynos modems. Four out of the 18 reported security issues with the Samsung chips in question are serious and could give hackers access to your phones with the help of just your phone number.

Security researchers usually don’t reveal security vulnerabilities until after they’ve been resolved. However, Samsung seems to have been slowing down on this issue. Project Zero researcher Maddie Stone chirp (via Techcrunch) that “end users still do not have patches 90 days after the report”.

According to the researchers, the following phones and devices, including vehicles, can be hacked if hackers exploit the vulnerable Exynos chips:

  • Samsung Galaxy S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12, and A04 series.
  • Vivo S16, S15, S6, X70, X60, and X30 series.
  • Pixel 6 and Pixel 7 series.
  • Any vehicles using Exynos Auto T5123 chipset.

Notably, Google has corrected the issues in the March security update for the Pixel 7 series. However, the update still hasn’t reached the Pixel 6, Pixel 6 Pro, and Pixel 6a, which means that these phones are not currently safe from hackers able to exploit the specific vulnerability from the internet to the baseband for remote code execution.

“With limited additional research and development, we believe that skilled attackers will be able to quickly create an operational vulnerability to compromise affected devices silently and remotely,” Project Zero noted in its report.

How can you protect yourself?

While we wait for Samsung and other vendors to resolve issues affecting Exynos chipsets, Google recommends that you turn off Wi-Fi calling and Voice-over-LTE (VoLTE) on affected devices. You should also keep an eye out for any upcoming security updates and get them as soon as possible.



[ad_2]

Source link

Related Posts

Precaliga