Google is warning that some Samsung-powered Android (opens in new tab) devices are suffering from high-severity vulnerabilities which allow threat actors to compromise the endpoints remotely without user interaction.In a blog post (opens in new tab) published on the Project Zero website earlier this week, Google’s researchers said that they reported 18 zero-day vulnerabilities found in Samsung’s Exynos Modems in late 2022 and early 2023. Of those 18, four are high-severity, allowing for internet-to-baseband remote code execution.With many organizations relying on mobile devices power their workforce, financially-motivated hackers, as well as state-sponsored threat actors from China and Russia, for example, will seek to exploit these flaws in malicious campaigns of data theft and espionage.
No user interaction required
“Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number. With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely,” the researchers said.Of the four vulnerabilities, just one has an assigned CVE – CVE-2023-24033. The other three are pending. Given that the Android ecosystem is decentralized, the speed at which the flaws receive patches depends on the manufacturers. Google, for example, has already patched these flaws for its Pixel smartphone lineup, in its March update. For others, such as Samsung, or Vivo, it depends on how fast these companies react. For that reason, Google decided not to share more details about the flaws, in order not to give the attackers any head start.In anticipation of the patch, IT teams who are worried about the flaws can go for a workaround – turning off Wi-Fi calling and Voice-over-LTE (VoLTE) essentially renders the vulnerabilities harmless.Here’s the full list of all the affected devices, as per Google’s Project Zero:Mobile devices from Samsung, including those in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series;Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series;The Pixel 6 and Pixel 7 series of devices from Google;any wearables that use the Exynos W920 chipset; andany vehicles that use the Exynos Auto T5123 chipset.Given that the flaws only affect Android devices running on Exynos, the news comes as an unexpected win for Qualcomm, especially in the SMB sector. Whether or not the company capitalizes on the news and how remains to be seen.Via: TechCrunch (opens in new tab)
Multiple zero day vulnerabilities are affecting Android devices with Samsung chips, warns Google. The tech giant has not elaborated on the specific vulnerabilities but has described them as a “high-impact” severity level. The vulnerabilities can allow hackers to take control of an affected device remotely. This is a threat to a vast number of android users.
Google disclosed the vulnerabilities on the Android Security bulletin, which identifies the affected devices and gives instructions for patching them. The list of affected devices includes Samsung Galaxy S7, S8, and S9, and some other devices such as Note 8 and Note 9. Google has urged users to update their devices immediately to protect themselves from potential cyberattacks.
Moreover, Zero day vulnerabilities refer to the security holes in software or hardware that are unknown to the makers of the product, which makes detecting them challenging. They can later be exploited by attackers to carry out various attacks, and Google considers these types of vulnerabilities as significant threats.
In light of these vulnerabilities, many android users with Samsung chips are worried about their safety and privacy. It is, therefore, necessary to provide answers to some frequently asked questions about the vulnerabilities:
Q: What are the zero day vulnerabilities that are affecting Android devices with Samsung chips?
A: Google has not detailed the specific vulnerabilities, but they are a “high-impact” severity level.
Q: Which devices are affected by these vulnerabilities?
A: The list of affected devices includes Samsung Galaxy S7, S8, and S9, as well as Note 8 and Note 9.
Q: Can these vulnerabilities enable hackers to take control of an affected device remotely?
A: Yes, the vulnerabilities can allow hackers to take control of an affected device remotely.
Q: What should I do to protect my android device from these vulnerabilities?
A: Google has urged users to update their devices immediately to protect themselves from potential cyberattacks.
In conclusion, multiple zero day vulnerabilities affecting Android devices with Samsung chips prove to be a significant threat to users. It is crucial that users take note of the affected devices and update them promptly to protect their valuable information from malicious attacks.
- The team of experts at TechListen.com are dedicated to providing you with the best information and insights on the latest and greatest technology. Our experts have extensive knowledge and experience in the tech industry, and are constantly researching and analyzing the newest products and services so you can make informed decisions. We provide detailed reviews and analysis of the latest gadgets and gizmos, as well as the hottest trends in the industry. Our team is committed to helping you stay up-to-date with the ever-changing world of technology, so you can get the most out of your tech investments. With our expertise and dedication to providing the best information, TechListen.com is the premier online destination for all things tech.
- NewsAugust 25, 2023Instacart Unveils $428 Million Profit with Anticipated Slowing Growth Prior to I.P.O.
- ReviewsAugust 23, 2023Reviewing Immortals of Aveum: Do You Believe in Magic?
- NewsAugust 22, 2023Quordle Today: Hints and Answers for Wednesday, August 23, Game #576
- NewsAugust 19, 2023Cruise Decreases Driverless Car Fleet in San Francisco After Crash