A serious vulnerability has been discovered in Samsung’s Exynos chips. South Korean giant delays patch rollout?
For several years, Samsung’s Exynos chips have come under a lot of criticism for not living up to Qualcomm’s offering: poor battery life, overheating, photo performance, and rather weak gaming performance in particular. These fears have become a real nightmare for Samsung, which is why the South Korean giant did not offer the Galaxy S23 with an Exynos chip in 2023. Qualcomm chips are now expected to power Samsung’s flagship smartphones for years to come, but that doesn’t mean the manufacturer has decided to ditch Exynos chips altogether. It reserves them for its entry-level and mid-range devices.
Serious vulnerability discovered in Samsung’s Exynos chips
And while we could say that the situation with these chips couldn’t be worse, the Google Project Zero security team has found a serious security flaw in these components, more specifically in the firmware used by Exynos modems. According to the report, hackers could exploit this vulnerability simply by sending a malicious text message, or by infecting a phone through the installation of an app containing malicious code.
Once hackers infect their target, they can take control of the microphone, camera, and other sensors. Even worse, they could access sensitive data stored on the device, including passwords and photos. A post published on the Project Zero blog also indicates that the vulnerability is fairly easy to exploit, even for teams with relatively little funding.
Samsung delaying patch rollout?
In total, the Project Zero team found at least 18 different vulnerabilities affecting Exynos modems. Four of these are extremely serious and could allow hackers to remotely access the phone without any user interaction. They would need only the phone number of their potential victim. Google declined to share details about this vulnerability as it can be exploited very easily. The rest of the identified vulnerabilities are quite minor.
The Project Zero team has been aware of these shortcomings since late 2022, and that’s when they alerted Samsung. However, the South Korean giant has still not released a fix despite having known about it for over three months. A Project Zero researcher even publicly criticized Samsung for being slow to release the patch.
The list of devices affected by these vulnerabilities includes last year’s flagship, namely the Samsung Galaxy S23; two devices from the M series (Galaxy M33 and M13); several from the A series (A71, A53, A33, A21s, A13, A12 and A04); and the Google Pixel 6 and Pixel 7. Apart from these devices, the flaw also affects several Vivo devices using the same Exynos modem: the Vivo S16, S15, S6, X70, X60 and X30. Google said the March security update will fix these flaws for Pixel devices.
End users still have no fixes 90 days after the report…. https://t.co/dkA9kuzTso
— Maddie Stone (@maddiestone) March 16, 2023