cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
search icon

Original topic:

Severe Exynos modem vulnerabilities found

(Topic created on: 03-18-2023 01:34 PM)
1894 Views
TheFastestIndian
Expert Level 5
Options

‎03-18-2023 02:34 AM (Last edited ‎03-18-2023 02:24 PM ) in 

Tech Talk

image

Google Project Zero team found severe 0-day vulnerabilities with the Samsung Exynos modem. Affected Exynos modem used in various Samsung devices including the Galaxy S22 series.

According to the information, Project Zero reported 18 vulnerabilities in Exynos modems in late 2022 and early 2023. And notably, four of the flaws, including CVE-2023-24033, involve internet-to-baseband remote code execution.

Samsung Semiconductor (January 2023) data reveals that Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5123 are affected chipsets.

Samsung Galaxy:

• S22 series
• M33
• M13
• M12
• A71
• A53
• A33
• A21
• A13
• A12
• A04 series
• Watch 4 series
• Watch 5 series


Wearable:
• Any wearables that use the Exynos W920 chipset


Vehicle:
• Any vehicles that use the Exynos Auto T5123 chipset

Samsung said:

At the end of last year, we received a security issue notification for Google project zero, and Samsung has provided all customers with a patch version for this vulnerability, and the related issues have now been resolved.


Precaution:

Until security updates are available, users who wish to protect themselves from the baseband remote code execution vulnerabilities in Samsung’s Exynos chipsets can turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings. Turning off these settings will remove the exploitation risk of these vulnerabilities.
14 Comments
ANSHIKA56
Active Level 6
Options

‎03-18-2023 09:05 AM (Last edited ‎03-18-2023 09:05 AM ) in 

Tech Talk
What it's mean I not understand I am using a53 is there any security threat or data leak
0 Likes
TheFastestIndian
Expert Level 5
Options

‎03-18-2023 10:10 AM in 

Tech Talk
Yes there was but Samsung has fixed
0 Likes
TheFastestIndian
Expert Level 5
Options

‎03-18-2023 01:00 PM in 

Tech Talk
Nope, combined 2 posts in one
TheFastestIndian
Expert Level 5
Options

‎03-18-2023 01:34 PM in 

Tech Talk
You think I post then take a look at this bro 😄

https://r2.community.samsung.com/t5/Tech-Talk/Exynos-Chip-Vulnerability/td-p/13572002
nickrox
Active Level 4
Options

‎03-18-2023 01:37 PM in 

Tech Talk
But some sources says that only Google pixel has got the security patch for this vulnerability.

Some says Samsung fixed it in March 2023 security patch but in my phone the latest security patch is February 2023 which i got a week back and no more updates are available as of today. So does that mean my phone is compromised?
0 Likes
TheFastestIndian
Expert Level 5
Options

‎03-18-2023 02:22 PM in 

Tech Talk
Is your device on above list 🤔. Yes, the list includes Google Pixel, Vivo and wearables too. Samsung did say that they have rolled out updates and resolved but policy for all devices is not the same so unclear if all devices are safe.

Until security updates are available, users who wish to protect themselves from the baseband remote code execution vulnerabilities in Samsung’s Exynos chipsets can turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings. Turning off these settings will remove the exploitation risk of these vulnerabilities.
0 Likes
nickrox
Active Level 4
Options

‎03-18-2023 02:24 PM in 

Tech Talk
Yes mine is A33
0 Likes
NOOB_1ST_ACC
Expert Level 5
Options

‎03-20-2023 10:49 AM in 

Tech Talk
How to turn of volte?
0 Likes
TheFastestIndian
Expert Level 5
Options

‎03-20-2023 11:06 AM (Last edited ‎03-21-2023 12:56 AM ) in 

Tech Talk
To disable VoLTE, open the Settings app or return to the “Connections” menu. Then tap “Mobile networks” and disable “4G call.” (Example “4G call on SIM 1”)
0 Likes