Google says hackers could silently own your phone until Samsung fixes its modems

Project Zero, Google’s team dedicated to security research, has found some big problems in the Samsung modems that power devices like the Pixel 6, Pixel 7, and some models of the Galaxy S22 and A53. According to its blog post, a variety of Exynos modems have a series of vulnerabilities that could “allow an attacker to remotely compromise a phone at the baseband level with no user interaction” without needing much more than a victim’s phone number. And, frustratingly, it seems like Samsung is dragging its feet on fixing it.

The team also warns that experienced hackers could exploit the issue “with only limited additional research and development.” Google says the March security update for Pixels should patch the problem — though 9to5Google notes that it’s not available for the Pixel 6, 6 Pro, and 6a yet (we also checked on our own 6a and there was no update). The researchers say they believe the following devices may be at risk:

It is worth noting that, in order for devices to be vulnerable, they have to use one of the affected Samsung modems. For a lot of S22 owners, that could be a relief — the phones sold outside of Europe and some African countries have a Qualcomm processor and also use a Qualcomm modem, and thus should be safe from these specific issues. But phones with Exynos processors, like the popular midrange A53, and European S22, might be vulnerable.

In theory, the S21 and S23 are safe — Samsung’s most recent flagships use Qualcomm worldwide, and the older ones with Exynos chips use a modem that doesn’t appear on Samsung’s list of affected chips.

If you know your phone uses one of the vulnerable modems, and you’re concerned about it being exploited (remember, attacks could “compromise affected devices silently and remotely”), Project Zero says you can protect yourself by turning off Wi-Fi calling and Voice-over-LTE. Yes, your calls will be worse, but it’s probably worth it.

Traditionally, security researchers will wait until a fix is available before announcing that they’ve found the bug, or until it’s been a certain amount of time since they reported it without any fix in sight. It seems like it’s the latter case here — as TechCrunch notes, Project Zero researcher Maddie Stone tweeted that “end-users still don’t have patches 90 days after report,” which appears to be a prod at Samsung and other vendors that they need to deal with the issue.

Samsung didn’t immediately reply to The Verge’s request for comment on why there doesn’t appear to have been a patch yet.

In total, Project Zero found 18 vulnerabilities in the modems. Four are the really bad ones that allow “Internet-to-baseband remote code execution,” and Google says it’s not sharing additional information on those right now, in spite of its usual disclosure policy. (Again, due to the fact that it believes they could very easily be exploited.) The rest were more minor, requiring “either a malicious mobile network operator or an attacker with local access to the device.” To be clear, that’s still not great — we’ve seen how flimsy carrier security can be — but at least they’re not quite as bad as the others.

#Google #hackers #silently #phone #Samsung #fixes #modems


Related Posts

‘Quordle’ today: See each ‘Quordle’ answer and hints for April 2

If Quordle is a little too challenging today, you’ve come to the right place for hints. There aren’t just hints here, but the whole Quordle solution. Scroll…

April Fools’ Day 2023: the best and cringiest pranks

April Fools’ 2023: Overwatch 2. Blizzard’s team-based shooter has gone all googly-eyes for its characters on April 1st in past years, which is back, along with other…

Krablr develops generative AI language to boost crab yields

Krablr, the real-time crab pricing engine for amateur fishermen, has announced yet another pivot in its business model. Following a successful transition from crab pricing to crab…

Interview With the Vampire Recasts Claudia for Season 2

Image: AMC AMC’s Interview With the Vampire will be recasting Claudia, the adopted daughter of vampires Louis (Jacob Anderson) and Lestat (Sam Reid). Favorite Vampires in Media…

The 11 Best Barefoot Shoes (2023): For Running or Walking

You’ve probably been wearing padded shoes most of your life. Don’t expect to toss them and be able to do the same mileage—whether walking or running—in barefoot…

Stunning James Webb Space Telescope photo shows bending of spacetime

The universe is warped. And you can see it in a new cosmic photo captured by the James Webb Space Telescope, the most powerful space observatory ever…

Leave a Reply

Your email address will not be published. Required fields are marked *