Samsung

Samsung Exynos Chip Is Full Of Zero-Day Vulnerabilities

A total of 18 zero-day vulnerabilities exist in Exynos modems manufactured by Samsung Semiconductor. In addition to devices from the Galaxy family, Google Pixel smartphones and models from Vivo are also affected. There is a workaround for more security until the patch.

Galaxy, Pixel smartphones, and Vivo models are affected

Security gaps in a chip that is used in countless smartphones and provides mobile connection quickly affect many people. In the current case, the Google security program Project Zero discovered 18 security problems in Samsung Exynos modems that Samsung has not yet fixed. The researchers classify four of these vulnerabilities as particularly serious, as tests have shown that attackers only need to know the victims’ phone numbers in order to compromise phones remotely.

According to Google Project Zero, the following products are affected:

  • Samsung smartphones including S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series devices
  • Smartphones from Vivo, including the S16, S15, S6, X70, X60 and X30 series devices
  • Google’s Pixel 6 and Pixel 7 series devices
  • All wearables using the Exynos W920 chipset
  • All vehicles using the Exynos Auto T5123 chipset

Project Zero has been repeatedly criticized in the past for the early disclosure of security vulnerabilities. In the current case, however, the researchers classified the gaps as too serious to make them public immediately after their discovery at the end of last year. 

“Due to a very rare combination of the scope of access these vulnerabilities provide and the speed with which we believe a reliable operational exploit could be created, we decided to make an exception to the disclosure of the four vulnerabilities delay,” the team wrote in the vulnerability blog post.