From a study conducted by the Google security team, Project Zero has been informed of the presence of several weaknesses in the modem integrated in some Samsung Exynos processors. This processor affects recently released devices such as the Samsung Galaxy and Google Pixel series.
In the recently released report, it is specified that this security flaw, identified as CEVE-2023-24033, affects the vulnerability of smartphones, wearables and other types of devices. Given this fact and to correct it, they have worked hand in hand with Samsung to find a solution to the problem.
MS Recommends
A cybersecurity problem with great consequences
For a device to have quality functionality, the processor is key, and for this, the more advanced it is, the better the performance that the device will give. For this reason, high-end phones have the best processors in terms of technology. In the same way that iPhone devices have their own chip, in Android phones, the competition is between Exynos and Snapdragon processors.
The operation of the processor influences almost the entire future of the device, which is why now this notice that threatens their security seems so important. This division of Google security analysts has discovered a bug that severely exposed the devices, just by obtaining the phone number. This bug allowed cybercriminals to remotely attack and control these devices without the interaction of their owner.
According to sources, it has been learned that Google had already reported that from the end of 2022 and the beginning of 2023, the Project Zero had alerted a total of 18 zero-day vulnerabilities in Samsung Exynos processors, manufactured by Samsung itself. The real problem has come when of those 18 failures, four were considered to have a more serious character than the restas they “allow an attacker to remotely compromise a device at the baseband level.”
Google has stated through its report that “with additional research and development, we believe that attackers could create an operational ‘exploit’ to compromise affected devices silently.” Regarding the rest of the errors found, Project Zero has determined that they have not been as dangerous, since in order to exploit them, cybercriminals needed local access to the affected devices.
Many are the devices affected by the security problem
It has been the South Korean company Samsung that has shared from this Google statement, the list of device models that have been affected by these security problems.
- Samsung Galaxy phones. Includes those of the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series.
- Live Phones. Including in them those of the S16, S15, S6, X70, X60 and X30 series.
- Google Pixel 6 and 6 Pro, Pixel 6a, Pixel 7 and 7 Pro.
- Any portable, wearable device that uses the Exynos W920 chipset.
- Any vehicle that is equipped with the Exynos Auto T5123 chipset.
Precautions while the fix patch arrives
Samsung and Google are already working hard on the patch that will be responsible for solving these security flaws that will appear with the March Android security updatebut both companies have advised users a series of tips while the update is available.
The recommendation in this regard is disable Wi-Fi calling features and Voice over Network (VoLTE) calls through the settings of the devices themselves, thus preventing cybercriminals from taking advantage of vulnerabilities. For its part, Google is already developing patches to correct the errors present in its Pixel devices.