Google’s security research unit has triggered alerts about a number of vulnerabilities found in some Samsung chips. These vulnerabilities are also present in some models of smart watches such as those produced by the same SAMSUNG.
Google’s internal team called Project Zero is dedicated to monitoring zero-day vulnerabilities, i.e. those that have just been discovered, in devices and software, in particular related to mobile phone.
In a blog post, Tim Willisthe head of Project Zero, explained that security researchers have found up to 18 vulnerabilities in the Exynos processors produced by Samsung in recent months.
Another researcher from the same research group, Maddie Stone, wrote on her Twitter account that Samsung had 90 day margin to fix these security flaws, but you’re surprised it hasn’t been done yet.
Among the errors found, four are of the highest severity, as they could silently and remotely compromise the affected devices. simulate. above all, a processorsbrowsers and open source libraries used by these devices.
“Project Zero’s testing confirms that these four vulnerabilities allow an attacker to compromise a phone remotely and without user interaction. They only require the attacker to know the victim’s phone number,” Willis explained.
The security flaw, according to experts, is more worrying expected. Especially since no user interaction is required to initiate the attack.
Exynos processors convert the signals that a device emits into digital data, so if an intruder gains access to it, he can obtain all data entering and leaving this terminal, including calls, messages or files, without lifting an eye. in the victim.
For this reason, the Google security team recommends, until there is a solution, to disable voice services via Wifi and LTE.
Phones at risk
“Meanwhile, users with affected devices can protect themselves from remote code execution vulnerabilities by disabling Wi-Fi and Voice-over-LTE (VoLTE) calling in their device settings,” they explain.
Samsung devices that may be at risk are: the series Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04.
It is standard practice for Project Zero to disclose how vulnerabilities work 90 days after reporting them to affected vendors. In this case, however, they still don’t explain the four key flaws that allow remote code execution.
The American tech giant has signaled this risk to the public, stating that skilled attackers are able to quickly exploit these bugs to their advantage.
Samsung confirmed in a March 2023 security listing that several Exynos chips are vulnerable, and that this would affect several Android device manufacturers, but provided few other details.
Source: Clarin
Linda Price is a tech expert at News Rebeat. With a deep understanding of the latest developments in the world of technology and a passion for innovation, Linda provides insightful and informative coverage of the cutting-edge advancements shaping our world.