Samsung Phones Vulnerable to 18 Security Flaws – Take Action Now to Protect Yourself

Google’s Project Zero security research team has identified 18 vulnerabilities in Samsung phones powered by the Exynos chip.[0] Of the 18 reported security issues, four are considered severe, as they give hackers a way to access your phone with just your phone number.[1] Google Project Zero head Tim Willis confirmed that the four vulnerabilities allow for internet-to-baseband remote code execution, and that with limited additional research and development, skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.[2]

The severe vulnerabilities are present in Samsung Galaxy S, M, and A series phones, as well as any wearables that use the Exynos W920 chipset, and any vehicles with the Exynos Auto T5123 chipset.[3] The remaining 14 flaws are not as severe, as they require either a malicious mobile network operator or an attacker with local access to the device.[4]

Google has released a patch for five of the six vulnerabilities in its March security update for Pixel phones, but the update hasn’t reached the Pixel 6, Pixel 6 Pro, and Pixel 6a yet.[5] Samsung has also released a patch for five of the six vulnerabilities in its March security update, and another security patch will be released in April to address the remaining vulnerability.

In the meantime, Google advises users to turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings to remove the exploitation risk of these vulnerabilities.[6] To turn off Wi-Fi calling, go to your device settings and find the Wi-Fi Calling option.[7]

Project Zero has made a policy exception to delay disclosure for the four vulnerabilities that allow for internet-to-baseband remote code execution due to the rare combination of level of access these vulnerabilities provide and the speed with which a reliable operational exploit could be crafted.[8]

It appears that the threat only affects phones with Samsung's Exynos processor, not those using Qualcomm's.[7] Prior to this year, a number of Samsung Galaxy devices released in the UK featured the Exynos processor, such as the Galaxy S22, Galaxy M33 and Galaxy M12.[9]

Cybersecurity experts have warned Samsung to fix the bug, but with an update still to come, users are being urged to take action to protect themselves. Until then, make sure your device is up to date with all security patches.[10]

0. “Google issues urgent warning of 18 critical bugs found in mass-level Android phones” India TV News, 17 Mar. 2023, https://www.indiatvnews.com/technology/news/google-issues-urgent-warning-of-18-critical-bugs-found-in-mass-level-android-phones-2023-03-17-855354

1. “Google warns against severe security risks on Galaxy S22, Pixel 6, more” Android Authority, 17 Mar. 2023, https://www.androidauthority.com/google-project-zero-samsung-exynos-vulnerabilities-3299355/

2. “Google Exposes 18 Zero-Day Flaws in Samsung Exynos Chips” Infosecurity Magazine, 17 Mar. 2023, https://www.infosecurity-magazine.com/news/google-finds-18-zero-days-samsung/

3. “PSA: Google Warns of Critical Vulnerabilities In Phones, Wearables and Even Cars Using Samsung Components” TechTheLead, 17 Mar. 2023, https://techthelead.com/psa-google-warns-of-critical-vulnerabilities-in-phones-wearables-and-even-cars-using-samsung-components/

4. “Google Warns Samsung and Pixel Phone Owners About 18 Serious Exploits” CNET, 17 Mar. 2023, https://www.cnet.com/tech/mobile/google-warns-samsung-and-pixel-phone-owners-about-18-dire-exploits

5. “Warning over Android phone bug that lets hackers take over your device” Evening Standard, 17 Mar. 2023, https://www.standard.co.uk/tech/android-phone-bug-hackers-attack-samsung-google-device-b1068074.html

6. “Android Phones Have ‘Exploitable' Flaws, Google Warns, Asking Users To Protect Themselves” Yahoo Life, 17 Mar. 2023, https://www.yahoo.com/lifestyle/android-phones-exploitable-flaws-google-175410741.html

7. “Samsung Galaxy hacking warning issued with users told to disable one setting immediately” Irish Mirror, 18 Mar. 2023, https://www.irishmirror.ie/lifestyle/technology/samsung-galaxy-hacking-warning-issued-29491059

8. “Dangerous Android phone 0-day bugs revealed – patch or work around them now!” Naked Security, 17 Mar. 2023, https://nakedsecurity.sophos.com/2023/03/17/dangerous-android-phone-0-day-bugs-revealed-patch-or-work-around-them-now

9. “Samsung Galaxy warning as millions of owners urged to switch off this Wi-Fi setting” Daily Record, 17 Mar. 2023, https://www.dailyrecord.co.uk/lifestyle/samsung-galaxy-warning-millions-owners-29488106

10. “Your Samsung phone may have a big security flaw – here's how to stay safe” TechRadar, 17 Mar. 2023, https://www.techradar.com/news/your-samsung-phone-may-have-a-big-security-flaw-heres-how-to-stay-safe

Click Here to Leave a Comment Below 0 comments