{"id":8746,"date":"2023-03-17T01:23:19","date_gmt":"2023-03-17T01:23:19","guid":{"rendered":"https:\/\/entertainment.runfyers.com\/index.php\/2023\/03\/17\/google-says-hackers-could-silently-own-your-phone-until-samsung-fixes-its-modems\/"},"modified":"2023-03-17T01:23:19","modified_gmt":"2023-03-17T01:23:19","slug":"google-says-hackers-could-silently-own-your-phone-until-samsung-fixes-its-modems","status":"publish","type":"post","link":"https:\/\/entertainment.runfyers.com\/index.php\/2023\/03\/17\/google-says-hackers-could-silently-own-your-phone-until-samsung-fixes-its-modems\/","title":{"rendered":"Google says hackers could silently own your phone until Samsung fixes its modems"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph mb-20 font-fkroman text-18 leading-160 -tracking-1 selection:bg-franklin-20 dark:text-white dark:selection:bg-blurple [&amp;_a:hover]:shadow-highlight-franklin dark:[&amp;_a:hover]:shadow-highlight-blurple [&amp;_a]:shadow-underline-black dark:[&amp;_a]:shadow-underline-white\">Project Zero, Google\u2019s team dedicated to security research, has found some big problems in the Samsung modems that power devices like the Pixel 6, Pixel 7, and some models of the Galaxy S22 and A53. <a href=\"https:\/\/googleprojectzero.blogspot.com\/2023\/03\/multiple-internet-to-baseband-remote-rce.html\" target=\"_blank\" rel=\"noopener\">According to its blog post<\/a>, a variety of Exynos modems have a series of vulnerabilities that could \u201callow an attacker to remotely compromise a phone at the baseband level with no user interaction\u201d without needing much more than a victim\u2019s phone number. And, frustratingly, it seems like Samsung is dragging its feet on fixing it.<\/p>\n<\/div>\n<div>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph mb-20 font-fkroman text-18 leading-160 -tracking-1 selection:bg-franklin-20 dark:text-white dark:selection:bg-blurple [&amp;_a:hover]:shadow-highlight-franklin dark:[&amp;_a:hover]:shadow-highlight-blurple [&amp;_a]:shadow-underline-black dark:[&amp;_a]:shadow-underline-white\">The team also warns that experienced hackers could exploit the issue \u201cwith only limited additional research and development.\u201d Google says the March security update for Pixels should patch the problem \u2014 though <a href=\"https:\/\/9to5google.com\/2023\/03\/16\/google-exynos-modem-vulnerabilities\/\" target=\"_blank\" rel=\"noopener\"><em>9to5Google<\/em> notes<\/a> that it\u2019s not available for the Pixel 6, 6 Pro, and 6a yet (we also checked on our own 6a and there was no update). The researchers say they believe the following devices may be at risk:<\/p>\n<\/div>\n<div>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph mb-20 font-fkroman text-18 leading-160 -tracking-1 selection:bg-franklin-20 dark:text-white dark:selection:bg-blurple [&amp;_a:hover]:shadow-highlight-franklin dark:[&amp;_a:hover]:shadow-highlight-blurple [&amp;_a]:shadow-underline-black dark:[&amp;_a]:shadow-underline-white\">It is worth noting that, in order for devices to be vulnerable, they have to use <a href=\"https:\/\/semiconductor.samsung.com\/support\/quality-support\/product-security-updates\/\" target=\"_blank\" rel=\"noopener\">one of the affected Samsung modems<\/a>. For a lot of S22 owners, that could be a relief \u2014 the phones sold <em>outside<\/em> of Europe and some African countries have a Qualcomm processor and also use a Qualcomm modem, and thus should be safe from these specific issues. But phones with Exynos processors, like <a href=\"https:\/\/www.theverge.com\/23015400\/samsung-galaxy-a53-5g-review-specs-price-screen-camera\" target=\"_blank\" rel=\"noopener\">the popular midrange A53<\/a>, and European S22, might be vulnerable.<\/p>\n<\/div>\n<div>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph mb-20 font-fkroman text-18 leading-160 -tracking-1 selection:bg-franklin-20 dark:text-white dark:selection:bg-blurple [&amp;_a:hover]:shadow-highlight-franklin dark:[&amp;_a:hover]:shadow-highlight-blurple [&amp;_a]:shadow-underline-black dark:[&amp;_a]:shadow-underline-white\">In theory, the S21 and S23 are safe \u2014 Samsung\u2019s most recent flagships use Qualcomm worldwide, and the older ones with Exynos chips use a modem that doesn\u2019t appear on <a href=\"https:\/\/semiconductor.samsung.com\/support\/quality-support\/product-security-updates\/\" target=\"_blank\" rel=\"noopener\">Samsung\u2019s list of affected chips<\/a>.<\/p>\n<\/div>\n<div>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph mb-20 font-fkroman text-18 leading-160 -tracking-1 selection:bg-franklin-20 dark:text-white dark:selection:bg-blurple [&amp;_a:hover]:shadow-highlight-franklin dark:[&amp;_a:hover]:shadow-highlight-blurple [&amp;_a]:shadow-underline-black dark:[&amp;_a]:shadow-underline-white\">If you know your phone uses one of the vulnerable modems, and you\u2019re concerned about it being exploited (remember, attacks could \u201ccompromise affected devices silently and remotely\u201d), Project Zero says you can protect yourself by <a href=\"https:\/\/www.howtogeek.com\/817667\/how-to-turn-off-wi-fi-calling-on-android\/\" target=\"_blank\" rel=\"noopener\">turning off Wi-Fi calling<\/a> and <a href=\"https:\/\/www.makeuseof.com\/what-is-volte\/\" target=\"_blank\" rel=\"noopener\">Voice-over-LTE<\/a>. Yes, your calls will be worse, but it\u2019s probably worth it.<\/p>\n<\/div>\n<div>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph mb-20 font-fkroman text-18 leading-160 -tracking-1 selection:bg-franklin-20 dark:text-white dark:selection:bg-blurple [&amp;_a:hover]:shadow-highlight-franklin dark:[&amp;_a:hover]:shadow-highlight-blurple [&amp;_a]:shadow-underline-black dark:[&amp;_a]:shadow-underline-white\">Traditionally, security researchers will wait until a fix is available before announcing that they\u2019ve found the bug, or until it\u2019s been a certain amount of time since they reported it without any fix in sight. It seems like it\u2019s the latter case here \u2014 <a href=\"https:\/\/techcrunch.com\/2023\/03\/16\/google-warning-samsung-chips-flaws-android\/\" target=\"_blank\" rel=\"noopener\">as <em>TechCrunch<\/em> notes<\/a>, Project Zero researcher Maddie Stone <a href=\"https:\/\/twitter.com\/maddiestone\/status\/1636469657136959488\" target=\"_blank\" rel=\"noopener\">tweeted<\/a> that \u201cend-users still don\u2019t have patches 90 days after report,\u201d which appears to be a prod at Samsung and other vendors that they need to deal with the issue. <\/p>\n<\/div>\n<div>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph mb-20 font-fkroman text-18 leading-160 -tracking-1 selection:bg-franklin-20 dark:text-white dark:selection:bg-blurple [&amp;_a:hover]:shadow-highlight-franklin dark:[&amp;_a:hover]:shadow-highlight-blurple [&amp;_a]:shadow-underline-black dark:[&amp;_a]:shadow-underline-white\">Samsung didn\u2019t immediately reply to <em>The Verge<\/em>\u2019s request for comment on why there doesn\u2019t appear to have been a patch yet.<\/p>\n<\/div>\n<div>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph mb-20 font-fkroman text-18 leading-160 -tracking-1 selection:bg-franklin-20 dark:text-white dark:selection:bg-blurple [&amp;_a:hover]:shadow-highlight-franklin dark:[&amp;_a:hover]:shadow-highlight-blurple [&amp;_a]:shadow-underline-black dark:[&amp;_a]:shadow-underline-white\">In total, Project Zero found 18 vulnerabilities in the modems. Four are the really bad ones that allow \u201cInternet-to-baseband remote code execution,\u201d and Google says it\u2019s not sharing additional information on those right now, in spite of its usual disclosure policy. (Again, due to the fact that it believes they could very easily be exploited.) The rest were more minor, requiring \u201ceither a malicious mobile network operator or an attacker with local access to the device.\u201d To be clear, that\u2019s still not great \u2014 we\u2019ve seen <a href=\"https:\/\/www.theverge.com\/2022\/7\/22\/23274833\/t-mobile-2021-hack-settlement-lawsuit-500-million\" target=\"_blank\" rel=\"noopener\">how flimsy carrier security<\/a> <a href=\"https:\/\/www.theverge.com\/2022\/8\/2\/23289699\/t-mobile-phone-unlocker-guilty-25-million\" target=\"_blank\" rel=\"noopener\">can be<\/a> \u2014 but at least they\u2019re not quite as bad as the others.<\/p>\n<\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/www.theverge.com\/2023\/3\/16\/23644013\/samsung-exynos-modem-security-issue-project-zero\" target=\"_blank\" rel=\"noopener\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Project Zero, Google\u2019s team dedicated to security research, has found some big problems in the Samsung modems that power devices like the Pixel 6, Pixel 7, and some models of the Galaxy S22 and A53. According to its blog post, a variety of Exynos modems have a series of vulnerabilities that could \u201callow an attacker [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":8747,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[],"class_list":{"0":"post-8746","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tech"},"_links":{"self":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/8746","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/comments?post=8746"}],"version-history":[{"count":0,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/8746\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/media\/8747"}],"wp:attachment":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/media?parent=8746"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/categories?post=8746"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/tags?post=8746"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}