Zero-day vulnerabilities are never fun, but this is especially the case with popular devices, like the many that use the Samsung Exynos modem. Google’s Project Zero has discovered 18 such vulnerabilities in these chips, four of which allow for remote code execution. Why should you be concerned about these vulnerabilities and what can you do to minimize your risk?
We aren’t trying to scare you, but we cannot understate the danger presented by these threats. Some of these vulnerabilities are so tricky that they can be carried out with only your phone number, providing hackers access to the device without you as the victim providing them access. In short, you could be compromised without even knowing it, and that’s reason enough to educate yourself on this topic.
Here is Samsung’s list of impacted devices:
It’s also worth noting that any of Samsung’s wearables using the Exynos W920 chipset and vehicles with the Exynos Auto T5123 chipset are affected, too. Suffice to say that the list of impacted devices extends far beyond what is listed above.
The issue is quite widespread, impacting multiple kinds of devices, vendors, and manufacturers, so it will be some time before all affected devices can be patched. In the meantime, you can take measures to protect yourself by disabling features such as Wi-Fi calling and Voice-over-LTE. Furthermore, keep your device up-to-date with patches, both before and after the fix is issued.
If you use a common smartphone like the more recent Google Pixel phones and Samsung Galaxy line of devices, these updates have already been issued with the March security patch. Be sure to apply these updates as soon as possible. If you fail to do so, you’re leaving your devices wide open.
If you want to stay on top of these updates, OnSite I.T. can help. To learn more, reach out to us today at (403) 210-2927.