Have you heard of cases where someone’s device has been hacked without any user interaction? Such cases are increasing every day, leaving many users confused as to how this is possible. According to Google’s Project Zero security team, Samsung’s Exynos Modem has 18 active vulnerabilities.
According to the security team, four of the 18 active vulnerabilities found in this modem were identified as the most serious because they allow remote code execution from the Internet to the baseband. Among them are CVE-2023-24033 and three others.
According to the list of affected chipsets, 12 smartphones are affected:
- Galaxy M33
- Galaxy A53
- Galaxy A33
- Galaxy A21
- Galaxy A13
- Galaxy A12
- Galaxy M12
- Galaxy M13
- Galaxy A04
- Pixel 6A
- Pixel 6
- Pixel 6 Pro
Using only your phone number, hackers can access your device through the bugs found by the security team. In addition, experienced attackers could easily create exploits capable of remotely compromising vulnerable devices with minimal additional research. There is no doubt that this is a worrying situation for users.
In light of the four serious bugs, Tim Willis, Director of Project Zero, explained, “We have decided to make an exception to our policy to delay disclosure for the four vulnerabilities that allow for remote code execution from the Internet to baseband because of the very rare combination of access these vulnerabilities provide and the speed at which a reliable operational exploit could be crafted.” Despite the fact that the remaining 14 bugs are not critical, they still pose a risk, he said.
To mitigate the impact of these vulnerabilities, users of the above devices are advised to disable Wi-Fi calling and VoLTE on their devices and to update them to the latest builds. These are only interim measures; a new security patch is what resolves the vulnerabilities.
In its March 2023 security update, Google addressed CVE-2023-24033 for impacted Pixel devices.