Google’s security research unit has raised the alarm about a series of vulnerabilities detected in certain Samsung chips included in dozens of models of smart bracelets, vehicles and Android phones such as those manufactured by Samsung, Vivo or Google itself. These experts have warned that these security flaws could be exploited by hackers to break into these devices.
In a post on his blog, the head of Google’s Project Zero (dedicated to cybersecurity), Tim Willis, explained that security researchers have found and reported up to 18 vulnerabilities in Exynos processors manufactured by Samsung in recent months.
Among these security errors, four are of the highest severity, as they could silently and remotely compromise affected devices. “Testing by Project Zero confirms that these four vulnerabilities allow an attacker to compromise a phone remotely and without user interaction. They only require the attacker to know the victim’s phone number,” Willis explained.
Exynos processors convert the signals that a device emits into digital data, so if an intruder has access to it, they can obtain all the data that enters and leaves this terminal, including calls, messages or files, without raising a single eye. only suspicion in the victim.
It is not usual for Google or any company that is dedicated to investigating cybersecurity to raise their voices in this way about serious vulnerabilities before they are resolved through patches. The US tech giant has flagged this risk to the public, stating that expert attackers are able to quickly exploit these bugs to their advantage.
For her part, another researcher from the same Project Zero, Maddie Stone, has written on her Twitter account that Samsung had 90 days to patch these security flaws, but has not yet done so.
Samsung confirmed in a March 2023 security listing that several Exynos chips are vulnerable and that this would affect several Android device makers, but provided few other details.
According to Project Zero, the affected devices include nearly a dozen Samsung models, Vivo terminals, and Google’s own Pixel 6 and Pixel 7 phones. Affected devices also include various wearables and vehicles that rely on Exynos chips to connect to the mobile network.
Google itself has ensured that its Pixel devices are already patched with its March security updates.
Google has also detailed that the remaining 14 vulnerabilities were much less serious, since they required access to a device or have privileged access to the systems of a mobile operator.