Google project Zero security team find 18 active vulnerabilities on 12 smartphones due to Exynos Modem : Here’s everything you need to know
Have you been also hearing cases like someone’s device has been hacked without any user interaction? Well, the cases have been increasing day by day and it confused many users how is this even possible? We finally have got the answers to these questions as Google’s Project Zero security team has found about 18 active vulnerabilities in Samsung’s Exynos Modem.
The security flaws of this modem have been reported between the end of 2022 and the start of 2023 and as per the security team, among these 18 active vulnerabilities, four were identified as the most serious ones as they enable remote code execution from the Internet to baseband. These include CVE-2023 – 24033 including three others.
As per the list of affected chipsets, a list of 12 affected smartphones has been found:
- Galaxy M33
- Galaxy A53
- Galaxy A33
- Galaxy A21
- Galaxy A13
- Galaxy A12
- Galaxy M12
- Galaxy M13
- Galaxy A04
- Pixel 6A
- Pixel 6
- Pixel 6 Pro
The bugs found out by the security team allow hackers to access your device by using just your phone number. Not only this, experienced attackers with minimal additional research could easily create an exploit cable of remotely compromising vulnerable devices without catching the user’s attention. Well, this definitely is a worrying situation for the users.
Considering the 4 serious bugs, Tim Willis, Head of Project Zero said,” Due to a very rare combination of the level of access these vulnerabilities provide and the speed with which we believe a reliable operational exploit could be crafted, we have decided to make a policy exception to delay disclosure for the four vulnerabilities that allow for Internet-to-baseband remote code execution .” Though he mentioned that the remaining 14 bugs are not critical but still pose a risk.
Also, the users of the above devices are advised to disable Wi-Fi calling and VoLTE to mitigate the impact of this vulnerability and also to keep their devices updated to the latest builds to save them from security vulnerabilities. Though these are just remedial solutions and a new security patch can fix these issues.
Google has already addressed CVE-2023-24033 for impacted Pixel devices in their March 2023 security updates.