Google says Exynos chips put several phones at security risk (Updated)

Google says Exynos chips put several phones at security risk (Updated)

Samsung Galaxy S22 Ultra vs Google Pixel 6 Pro rear on table

Eric Zeman / Android Authority

Galaxy S22 Ultra vs Pixel 6 Professional

TLDR

  • Google’s Undertaking Zero has uncovered 18 energetic vulnerabilities on Samsung’s Exynos modems.
  • Four of individuals vulnerabilities can give hackers obtain to your cellphone by merely realizing your telephone variety.
  • Impacted products utilizing the unsafe Exynos modems include the Galaxy S22 series and a number of other telephones.

Update: March 20, 2023 (11:07 PM ET): Google has rolled out the March 2023 stability patch for the Pixel 6, Pixel 6 Professional, and Pixel 6a. This usually means that the phones are no more time exposed to the protection challenges posed by affected Exynos chips.


Initial write-up: March 17, 2023 (12:38 AM ET): Google’s Task Zero security investigate crew has posted a weblog highlighting lively vulnerabilities in Samsung’s Exynos modems. Four of the 18 noted stability concerns with the Samsung chips in concern are serious and could give hackers access to your telephones with just the assist of your telephone quantity.

Security scientists normally really do not disclose vulnerabilities until finally soon after they are settled. Nonetheless, it looks Samsung has been dragging its feet on the concern. Task Zero researcher Maddie Stone tweeted (by way of TechCrunch) that “end-users still don’t have patches 90 times following the report.”

According to researchers, the subsequent phones and other equipment, like automobiles, can be compromised if hackers were to exploit the at-danger Exynos chips:

  • Samsung Galaxy S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 sequence.
  • Vivo S16, S15, S6, X70, X60 and X30 collection.
  • The Pixel 6 and Pixel 7 sequence.
  • Any motor vehicles that use the Exynos Automobile T5123 chipset.

Notably, Google has patched the issues in its March safety update for Pixel 7 sequence. On the other hand, the update continue to has not attained the Pixel 6, Pixel 6 Pro, and Pixel 6a, which indicates these phones are not at present harmless from hackers able of exploiting the specified internet-to-baseband remote code execution vulnerability.

“With restricted extra exploration and progress, we imagine that qualified attackers would be in a position to rapidly produce an operational exploit to compromise impacted devices silently and remotely,” Venture Zero mentioned in its report.

How can you secure yourself?

When we await Samsung and other distributors to solve the troubles impacting the Exynos chips, Google endorses you convert off Wi-Fi calling and Voice-about-LTE (VoLTE) on the affected units. You should also preserve an eye out for any future safety updates and seize them as before long as attainable.