Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets

Samsung Exynos

Project Zero, Google’s zero-day bug-hunting team, discovered and reported 18 zero-day vulnerabilities in Samsung’s Exynos chipsets used in mobile devices, wearables, and cars.

The Exynos modem security flaws were reported between late 2022 and early 2023. Four of the eighteen zero-days were identified as the most serious, enabling remote code execution from the Internet to the baseband.

These Internet-to-baseband remote code execution (RCE) bugs (including CVE-2023-24033 and three others still waiting for a CVE-ID) allow attackers to compromise vulnerable devices remotely and without any user interaction.

1/1 Continue watching after the ad Loading PodsVisit Advertiser websiteGO TO PAGE
PLAY Top Stories About Connatix V244601 BianLian ransomware gang shifts focus to pure data extortion Read More FakeCalls Android malware returns with new ways to hide on phones Read More Fortinet zero-day attacks linked to suspected Chinese hackers Read More Adobe Acrobat Sign abused to push Redline info-stealing malware Read More Conti-based ransomware ‘MeowCorp’ gets free decryptor Read More BianLian ransomware gang shifts focus to pure data extortion
BianLian ransomware gang shifts focus to pure data extortion

“The baseband software does not properly check the format types of accept-type attribute specified by the SDP, which can lead to a denial of service or code execution in Samsung Baseband Modem,” Samsung says in a security advisory describing the CVE-2023-24033 vulnerability.

The only information required for the attacks to be pulled off is the victim’s phone number, according to Tim Willis, the Head of Project Zero.

To make things even worse, with minimal additional research, experienced attackers could easily create an exploit capable of remotely compromising vulnerable devices without triggering the targets’ attention.

“Due to a very rare combination of level of access these vulnerabilities provide and the speed with which we believe a reliable operational exploit could be crafted, we have decided to make a policy exception to delay disclosure for the four vulnerabilities that allow for Internet-to-baseband remote code execution,” Willis said.

The 14 remaining flaws (including CVE-2023-24072, CVE-2023-24073, CVE-2023-24074, CVE-2023-24075, CVE-2023-24076, and nine others awaiting CVE-IDs) are not as critical but still pose a risk. Successful exploitation requires local access or a malicious mobile network operator.

Based on the list of affected chipsets provided by Samsung, the list of affected devices includes but is likely not limited to:

  • Mobile devices from Samsung, including those in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series;
  • Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series;
  • The Pixel 6 and Pixel 7 series of devices from Google;
  • any wearables that use the Exynos W920 chipset; and
  • any vehicles that use the Exynos Auto T5123 chipset.

Workaround available for affected devices

While Samsung has already provided security updates addressing these vulnerabilities in impacted chipsets to other vendors, the patches are not public and can’t be applied by all affected users.

Each manufacturer’s patch timeline for their devices will differ but, for instance, Google has already addressed CVE-2023-24033 for impacted Pixel devices in its March 2023 security updates.

However, until patches are available, users can thwart baseband RCE exploitation attempts targeting Samsung’s Exynos chipsets in their device by disabling Wi-Fi calling and Voice-over-LTE (VoLTE) to remove the attack vector.

Samsung also confirmed Project Zero’s workaround, saying that “users can disable WiFi calling and VoLTE to mitigate the impact of this vulnerability.”

“As always, we encourage end users to update their devices as soon as possible, to ensure that they are running the latest builds that fix both disclosed and undisclosed security vulnerabilities,” Willis added.


Original Source


 


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

 To keep up to date follow us on the below channels.

join
Telegram
discord
Discord
reddit
Reddit
linkedin
LinkedIn