Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles

Categories: News

Tags: android, google, samsung, chip, VoLTE, modem, chipset, vulnerability, pixel, CVE-2023-24033

We take a look at multiple vulnerabilities highlighted by Google’s Project Zero team, and what you can do to ward off the threat of attack.


The post Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles appeared first on Malwarebytes Labs.


Google’s Project Zero is warning of multiple significant vulnerabilities found across many models of mobile devices, including Samsung Galaxy, Google Pixel, and Vivo, as well as several wearables and vehicles that use certain types of components.

Between late 2022 and early 2023, Project Zero reported 18 vulnerabilities in a chip powering those devices. Of those 18, four are tagged as “top-severity” and could allow for silent compromise over the network.

Which devices are affected?

The list of impacted technology is as follows:

  • Mobile devices from Samsung, including those in the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series
  • Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series
  • The Pixel 6 and Pixel 7 series of devices from Google
  • Any vehicles that use the Exynos Auto T5123 chipset

The four most severe vulnerabilities could allow attackers to remotely compromise a device, with no physical interaction required at any stage of the proceedings. The only thing an attacker requires for the compromise to take place is knowledge of the intended victim’s phone number.

The other fourteen, while still bad, are nowhere near as severe: exploiting them requires either a malicious mobile network operator or an attacker with local access to the device.

Meanwhile, the Google Security research team believes that the most severe vulnerabilities would allow skilled attackers to create an operational exploit in a short space of time.

Patching and scope of threat

While Google mentions that patching will depend on the manufacturer, Pixel phones (for example) have already been patched against CVE-2023-24033 in the March security update. If a patch isn’t forthcoming for your own device yet, Google has some suggestions to help keep your technology safe from harm. If your device allows you to, switch off two settings called:

  • Wi-Fi calling
  • Voice-over-LTE (VoLTE)

This will remove the risk of exploitation. One potential ramification of disabling VoLTE is that in recent years it has become something of a necessity for some mobile networks. If you’re able to turn it off, then based on the information available you may experience poor call quality and a lack of certain features and functionality. On the other hand, VoLTE is “not available everywhere on every network, or on every handset”, so it may not matter too much anyway depending on your make and model.

As for scope, depending on where your device is from, you may not be running the vulnerable type of chip needed for the exploit to be successful. The Verge notes that phones sold outside of Europe and some African countries use something else altogether. In those instances, you should be fine.
