Google is calling attention to a set of severe security flaws in Samsung’s Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction.
Four of the 18 flaws make it possible for a threat actor to achieve internet-to-baseband remote code execution, Google Project Zero, which reported the issues in late 2022 and early 2023, said.
“[The] four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number,” Tim Willis, head of Google Project Zero, said.
The attacks might sound prohibitive to execute, but, to the contrary, they are well within reach of skilled attackers, who can quickly devise an operational exploit to breach affected devices “silently and remotely.”
While Pixel 6 and 7 handsets have already received a fix as part of March 2023 security updates, patches for other devices are expected to vary depending on the manufacturer’s timeline.
Until then, users are recommended to switch off Wi-Fi calling and Voice over LTE (VoLTE) in their device settings to “remove the exploitation risk of these vulnerabilities.”
Source: https://thehackernews.com/
