Google: Turn off Wi-Fi calling, VoLTE to protect your Android from Samsung hijack bugs
Google security analysts have warned Android device users that several zero-day vulnerabilities in some Samsung chipsets could allow an attacker to completely hijack and remote-control their handsets knowing just the phone number.
Between late 2022 and early this year, Google's Project Zero found and reported 18 of these bugs in Samsung's Exynos cellular modem firmware, according to Tim Willis, who heads the bug-hunting team.
The baseband, or modem, portion of a device typically has privileged low-level access to all the hardware, and so exploiting bugs within its code can give an intruder full control over the phone or device.
"With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely," he added.
Affected devices include those using Samsung S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series of chips; Vivo mobile devices including the S16, S15, S6, X70, X60 and X30 series; the Pixel 6 and Pixel 7 series of devices from Google; and vehicles that use the Exynos Auto T5123 chipset.
Google issued a fix for CVE-2023-24033 affecting Pixel devices in its March security update.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-13 | CVE-2023-24033 | Unspecified vulnerability in Samsung products. The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service. | 9.8 |