18 zero day critical vulnerabilities found in Exynos chips | Samsung, Vivo and Pixels are affected.

[cattynip]

According to researchers, the following phones and other devices, including vehicles, can be compromised if hackers were to exploit the at-risk Exynos chips:

• Samsung Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series.
• Vivo S16, S15, S6, X70, X60 and X30 series.
• The Pixel 6 and Pixel 7 series.
• Any wearables that use the Exynos W920 chipset.
• Any vehicles that use the Exynos Auto T5123 chipset.

Pixel 7 series is patched by Google through March Security Update.

Source: Android Authority

 

[lockhrt999]

Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets

Project Zero, Google's zero-day bug-hunting team, discovered and reported 18 zero-day vulnerabilities in Samsung's Exynos chipsets used in mobile devices, wearables, and cars.

www.bleepingcomputer.com

[Updated] Samsung hasn’t patched a critical bug affecting many Galaxy phones with Exynos chips

Update: Samsung addressed five (CVE-2023-26072, CVE-2023-26073, CVE-2023-26074, CVE-2023-26075, CVE-2023-26076) of the eighteen 0-day vulnerabilities in Exynos Modems through the March ...

www.sammobile.com

• Mobile devices from Samsung, including those in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series;
• Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series;
• The Pixel 6 and Pixel 7 series of devices from Google;
• any wearables that use the Exynos W920 chipset; and
• any vehicles that use the Exynos Auto T5123 chipset.

TLDR,

• Essentially, a hacker can gain control of the device by just using the mobile number.
• Google reported these vulnerabilities to samsung in December. So far samsung has patched only 5 of them. Rest are still undisclosed because of their severity.
• Users can secure their mobiles by disabling VoWiFi and VoLTE.

 

[cattynip]

Won't Jio SIM cards be rendered useless if VoLTE is disabled? Wi-Fi calling can be disabled yes

 

[blr_p]

Times like this you look at your S20FE and realise it does not have an Exynos chip and just smile

 

[lockhrt999]

Won't Jio SIM cards be rendered useless if VoLTE is disabled? Wi-Fi calling can be disabled yes

You're right.

As per current understanding, only Google and Samsung engineer know how to exploit the bugs. If this hypothesis is true then I think exynos users should be safe.

My friend has worked with Samsung in the phone division in S.Korea. He used to tell me Samsung is f'ing ruthless (cultural difference I suppose). Why is then it's the samsung phones that are blowing up or having weird vulnerabilities? BBK (oppo, vivo, etc) who is a largest mobile maker and they are don't make that noise.

Times like this you look at your S20FE and realise it does not have an Exynos chip and just smile

This news made me realize why there's no Exynos chip in this year's galaxy S23 release.

 

[6pack]

Can't disable volte in the 6a. I disabled the wifi calling. Even in phone factory setting, you cannot disable volte.

 

[t3chg33k]

Can't disable volte in the 6a. I disabled the wifi calling. Even in phone factory setting, you cannot disable volte.
View attachment 163735

Is it a Jio SIM? If so, the option is disabled by the carrier.

 

[6pack]

Got the March update today morning. Seems 4 of the vulnerabilities are patched. Also got 5g setting in network but there's some band mismatch or no 5g in my area. Says transmitter is 5g capable and 5g nsa available.



Edit: changed the phone band to 700Mhz n28 band and got 5g signal.

 

[cattynip]

Edit: changed the phone band to 700Mhz n28 band and got 5g signal.

I updated last night. How do I change the band to enable 5G support?

 

[6pack]

I updated last night. How do I change the band to enable 5G support?

Paste this in default dialer app.

*#*#4636#*#*

Then go into phone info. On top right hand side, you can see 3 dot menu. Select automatic or USA. Others don't work. Probably the 700 upper one works too.

In the place where it shows NR/LTE etc make it NR only. Then it should catch some 5g signal.
On NR only mode, the battery got depleted in just 3-4 hours. My phone was in that 700Mhz band and it didn't get hot. Don't know how to switch to band n71 or whatever that 2.3Ghz band is.

 

[cattynip]

Thanks for sharing, did you face any issues while on NR/700Mhz band? Like call drops or delay in receiving any messages such as that from bank, OTP etc. Also what are the speeds like?

 

[6pack]

Thanks for sharing, did you face any issues while on NR/700Mhz band? Like call drops or delay in receiving any messages such as that from bank, OTP etc. Also what are the speeds like?

No problem. OTP or bank UPI payment, sms, calls everything works fine. Just download speed is same as when I'm connected to 4g LTE. Other people are getting 500+ Mbps on their Samsung or poco phones. Only my phone stuck on such low speed. Battery goes down really fast.
Edit: my phone seems to heat up more on LTE than on 5g. ⊙⁠.⁠☉