Serious vulnerabilities in Samsung Exynos chips

© connect

Google’s Project Zero has discovered 18 zero-day vulnerabilities in Samsung’s Exynos modem chips. The affected modems are installed in various smartphones from Samsung, but also from Google and Vivo. They are also used in other devices such as wearables and even in vehicles.

Four of the vulnerabilities (CVE-2023-24033 and three other vulnerabilities that are currently without CVE IDs) are classified as particularly critical because malicious code from the Internet could be executed on the device without user interaction. They allow “Internet-to-Baseband Remote Code Execution”, for which only the telephone number has to be known. For the other 14 vulnerabilities, an attacker must at least have direct access to the device.

Affected Exynos chips and devices

Sea Samsung The chipsets affected by the critical vulnerabilities are Exynos 980, Exynos 1080, Exynos Modem 5123, Exynos Modem 5300 and Exynos Auto T5123.

The Google Project Zero has identified the following devices that are affected by the vulnerabilities based on this information:

• Samsung Smartphones Series S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04
• Vivo-Smartphones der Serien S16, S15, S6, X70, X60 and X30
• Google-Smartphones der Serien Pixel 6 and Pixel 7
• Wearables mit Exynos W920 Chip
• Vehicles with Exynos Auto T5123 chip

Patches und Workarounds

The vulnerabilities were already discovered in late 2022 or early 2023. Samsung has released security updates for it. When these are rolled out on the affected devices also depends on the respective manufacturer. Google closed the CVE-2023-24033 vulnerability in the March update for the Pixel smartphones.

Project Zero proposes a workaround for affected devices that have not yet received a security update. Accordingly, it would be sufficient to deactivate WLAN telephony and Voice-over-LTE (VoLTE). In this way, the vulnerability could not be exploited.

17.3.2023 von Gabriele Fischl

Continue to home page

more on the subject

Android Q: Update-Liste

Android 10: These smartphones get the update

Which smartphones from Samsung, Huawei and Co. will be updated to Android 10? Our constantly updated update list clarifies.

smartphone rumors

Google Pixel 7a: Technical Data Leaked

Regarding the Google Pixel 7a, the rumor mill has been bubbling up for some time. In addition to render images and high-resolution photos, now…

Camera with artificial intelligence

Galaxy S23 Ultra moon photos: AI adds details

Samsung advertises the current flagship Galaxy S23 Ultra with the so-called “Moon Shot” function of the camera, thanks to the pictures of the moon especially…

New mid-range from Samsung

Samsung introduces Galaxy A54 and A34

Bright displays, improved cameras and powerful batteries: Samsung has modernized the mid-range smartphones in the A series. All information about equipment,…

Samsung-Foldables

Galaxy Z Fold and Flip 5: First leaks about the displays

The rumors about the upcoming Samsung Galaxy Z Fold 5 and Z Flip 5 are increasing: A leaker wants specific details about the specs and the display used…