Multiple vulnerabilities detected in Exynos modems


If exploited, these flaws can let an attacker gain unauthorized access to sensitive information or take control of the device's cellular modem.

Researchers from Google's Project Zero team recently disclosed, in a blog post, eighteen vulnerabilities found in Samsung Exynos 5G/LTE/GSM modems.

According to Project Zero, with only limited additional research and development, skilled attackers could quickly build a working exploit that gives remote control at the baseband (cellular modem) level, knowing nothing more than the victim's phone number. The attack requires no action from the user and leaves no visible sign that it happened, which is what makes several of the detected vulnerabilities critical.

The four most dangerous vulnerabilities (CVE-2023-24033 and three others that had not yet been assigned CVE IDs at the time of disclosure) allow code execution on the baseband chip from the Internet, with no need for the attacker to be on the carrier's network. In the words of the Project Zero post:

In late 2022 and early 2023, Project Zero reported eighteen zero-day vulnerabilities in Exynos modems produced by Samsung Semiconductor. The four most severe of these eighteen vulnerabilities (CVE-2023-24033 and three other vulnerabilities that have not yet been assigned CVE-IDs) allowed remote code execution from the Internet to baseband.

The remaining fourteen vulnerabilities are rated as lower severity, because exploiting them requires either access to the mobile network operator's infrastructure or local access to the user's device. At the time of disclosure, only CVE-2023-24033 had been addressed, in the March 2023 security update for Google Pixel devices; the other issues remained unpatched.

So far, the only public detail about CVE-2023-24033 is its cause: the baseband does not properly check the format of the accept-type attribute carried in Session Description Protocol (SDP) messages. SDP is the offer/answer payload that VoLTE and Wi-Fi calling (IMS) exchange over SIP to set up media sessions, so the attribute arrives from the network and is under an attacker's control.

Testing by Project Zero confirms that all four of these vulnerabilities allow an attacker to remotely compromise a phone at the baseband level without user interaction, requiring only the attacker to know the victim's phone number. With limited additional research and development, we believe skilled attackers could quickly create an operational exploit to silently and remotely compromise affected devices.

The vulnerabilities affect devices built on the affected Samsung Exynos chipsets. Based on information from public websites that map chipsets to devices, the affected products are likely to include:

  • Samsung mobile devices, including S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series;
  • Vivo mobile devices, including S16, S15, S6, X70, X60 and X30 series;
  • Google's Pixel 6 and Pixel 7 series of devices; and
  • any vehicle using the Exynos Auto T5123 chipset.

Until manufacturers ship fixes, users are advised to disable VoLTE (Voice over LTE) and Wi-Fi calling in their device settings. Turning these off removes the exposure to these vulnerabilities, because it removes the IMS signalling path through which the malicious traffic reaches the baseband; note that not every device or carrier configuration exposes the VoLTE toggle.

Given the severity of the flaws and the realistic prospect of an exploit appearing quickly, Google made an exception to its usual disclosure policy for the four most dangerous issues and is postponing the publication of details about their nature. As Project Zero puts it:

As always, we encourage end users to update their devices as soon as possible to ensure they are running the latest builds that fix disclosed and undisclosed security vulnerabilities.

For the remaining vulnerabilities, the usual 90-day disclosure deadline applies, counted from the notification to the manufacturer: details of CVE-2023-26072, CVE-2023-26073, CVE-2023-26074, CVE-2023-26075 and CVE-2023-26076 are already available in the Project Zero bug tracker, while for the other nine issues the 90-day window had not yet expired at the time of writing.

The published vulnerabilities CVE-2023-26072 through CVE-2023-26076 are buffer overflows triggered when decoding certain options and lists in the NrmmMsgCodec and NrSmPcoCodec codecs, which by their names are the decoders for 5G NR mobility-management messages and for NR session-management Protocol Configuration Options (PCO), respectively.
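To make that bug class concrete, here is an illustrative example added by the editor. It is not Samsung firmware, not Project Zero's code, and not the actual Exynos defect, whose details have not been published. It models a simplified PCO-style list in which each element is a 2-byte ID, a 1-byte length and the contents (an assumed layout chosen for illustration), and contrasts a decoder that trusts the length byte with one that checks it against both the remaining input and the destination buffer. The sample messages are constructed for the example.

```c
/*
 * Editor's illustrative example of the "buffer overflow when decoding a
 * list" bug class. NOT the Exynos modem code and NOT the real CVE details.
 *
 * Assumed element layout (simplified, PCO-style):
 *   [ID hi][ID lo][len][contents ... len bytes]
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ELEMS   8    /* capacity of the decoded table */
#define MAX_CONTENT 16   /* capacity of one element's contents */

struct elem {
    uint16_t id;
    uint8_t  len;
    uint8_t  data[MAX_CONTENT];
};

struct list {
    size_t      count;
    struct elem elems[MAX_ELEMS];
};

/* Vulnerable pattern: the element count and the length byte both come from
 * the peer and are used without any check. Shown for contrast only; never
 * call it on untrusted input (it is undefined behaviour by design). */
int decode_list_unsafe(const uint8_t *buf, size_t buf_len, struct list *out)
{
    size_t pos = 0;
    out->count = 0;
    while (pos + 3 <= buf_len) {
        struct elem *e = &out->elems[out->count++];      /* can run past elems[] */
        e->id  = (uint16_t)((buf[pos] << 8) | buf[pos + 1]);
        e->len = buf[pos + 2];
        pos += 3;
        memcpy(e->data, buf + pos, e->len);  /* up to 255 bytes into 16; may read past buf */
        pos += e->len;
    }
    return 0;
}

/* Hardened version: fail closed before touching memory.
 * Returns 0 on success, or a negative code identifying the rejected condition. */
int decode_list_safe(const uint8_t *buf, size_t buf_len, struct list *out)
{
    size_t pos = 0;
    out->count = 0;
    while (pos < buf_len) {
        if (buf_len - pos < 3)          /* header truncated */
            return -1;
        if (out->count >= MAX_ELEMS)    /* more elements than the table holds */
            return -2;
        uint16_t id  = (uint16_t)((buf[pos] << 8) | buf[pos + 1]);
        uint8_t  len = buf[pos + 2];
        pos += 3;
        if (len > MAX_CONTENT)          /* contents would overflow e->data */
            return -3;
        if (len > buf_len - pos)        /* contents would read past the input */
            return -4;
        struct elem *e = &out->elems[out->count++];
        e->id  = id;
        e->len = len;
        memcpy(e->data, buf + pos, len);
        pos += len;
    }
    return 0;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t BENIGN_LIST[]    = { 0x00, 0x01, 0x02, 0xAA, 0xBB,   /* id 1, 2 bytes */
                                          0x00, 0x02, 0x00 };             /* id 2, empty    */
static const uint8_t OVERSIZED_LIST[] = { 0x00, 0x01, 0xFF, 0x41, 0x42, 0x43 }; /* len 255 */
static const uint8_t TRUNCATED_LIST[] = { 0x00, 0x01, 0x08, 0x41, 0x42 };       /* len 8, 2 left */
static const uint8_t SHORT_HEADER[]   = { 0x00, 0x01 };                         /* cut after ID */
static const uint8_t TOO_MANY_LIST[]  = { 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00,
                                          0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00,
                                          0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00 };

int main(void)
{
    struct list l;
    printf("benign    -> %d (count %zu)\n", decode_list_safe(BENIGN_LIST, sizeof BENIGN_LIST, &l), l.count);
    printf("oversized -> %d\n", decode_list_safe(OVERSIZED_LIST, sizeof OVERSIZED_LIST, &l));
    printf("truncated -> %d\n", decode_list_safe(TRUNCATED_LIST, sizeof TRUNCATED_LIST, &l));
    printf("short hdr -> %d\n", decode_list_safe(SHORT_HEADER, sizeof SHORT_HEADER, &l));
    printf("too many  -> %d\n", decode_list_safe(TOO_MANY_LIST, sizeof TOO_MANY_LIST, &l));
    return 0;
}
```

The unsafe decoder has two independent failures: an element count that can walk past the end of the `elems` table, and a `memcpy` whose size is taken straight from the peer, which both overwrites `data` and reads beyond the end of the input. The hardened version rejects the message before any copy happens. A baseband parser has to fail closed in the same way, because the "peer" here is anyone who can reach the modem over the air or through the IMS signalling path.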

Finally, if you are interested in learning more, you can check the details at the following link.

