Google is warning that some Android devices powered by Samsung's Exynos chipsets suffer from critical vulnerabilities that allow attackers to remotely compromise endpoints without user intervention.
In a blog post published on the Project Zero website earlier this week, Google researchers said they had reported 18 zero-day vulnerabilities found in Samsung's Exynos modems in late 2022 and early 2023, including flaws that allow remote code execution.
Many organizations rely on mobile devices to power their workforce, and those devices have become increasingly popular targets in malicious campaigns for data theft and espionage. Financially motivated hackers and state-sponsored threat actors, such as those in China and Russia, may attempt to exploit these flaws.
No user interaction required
“Tests conducted by Project Zero confirm that these four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level without user interaction, allowing the attacker to know the victim’s phone number. With limited additional research and development, we believe skilled attackers can rapidly create operational exploits to silently and remotely compromise affected devices,” said the researcher.
Only one of the four vulnerabilities has been assigned a CVE identifier, CVE-2023-24033. The remaining three are pending.
Given the decentralization of the Android ecosystem, manufacturers vary in how quickly they ship patches. For example, Google has already patched these flaws in its Pixel smartphone lineup with its March update.
For other companies such as Samsung and Vivo, it depends on how quickly they respond. As such, in order to avoid giving attackers a head start, Google has decided not to publish details about the flaws.
IT teams that are waiting for patches and are worried about the flaws can apply a workaround. Turning off Wi-Fi calling and Voice-over-LTE (VoLTE) essentially renders the vulnerabilities harmless.
Here’s the full list of all affected devices, according to Google’s Project Zero:
Samsung mobile devices, including the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12, and A04 series.
Vivo mobile devices, including the S16, S15, S6, X70, X60, and X30 series.
Google’s Pixel 6 and Pixel 7 series devices.
Wearables using the Exynos W920 chipset.
All vehicles using the Exynos Auto T5123 chipset.
Given that the flaw only affects Android devices running on Exynos, the news comes as an unexpected win for Qualcomm, especially in the SMB sector. It remains to be seen if and how the company will capitalize on this news.
Via: TechCrunch