PSA: 10/10 Security Flaw Found in Exynos modems

Forums › IT Pro and developers › PSA: 10/10 Security Flaw Found in Exynos modems - Action Required for many

networkn

Networkn
32862 posts

Uber Geek
+1 received by user: 15453

ID Verified

Trusted

Lifetime subscriber

#303932 21-Mar-2023 10:18

The security flaws are rated a 10/10 by Google and Samsung. Users are advised by both companies to disable Voice over LTE (VoLTE) and Wi-Fi calling ASAP on the devices listed below:

According to Samsung Semiconductor (January 2023), these are the affected chipsets: Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5123. Google compiled a list of likely affected products:

Samsung Galaxy phones including those in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12, and A04 series Vivo phones including those in the S16, S15, S6, X70, X60, and X30 series Google Pixel 6 and 6 Pro, Pixel 6a, Pixel 7 and 7 Pro Any wearables that use the Exynos W920 chipset Any vehicles that use the Exynos Auto T5123 chipset

https://9to5google.com/2023/03/16/google-exynos-modem-vulnerabilities/

Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number.

robjg63

4160 posts

Uber Geek
+1 received by user: 1425

Subscriber

#3052750 21-Mar-2023 11:30

I saw a couple of articles about this a few days ago and didn't take a lot of notice. I finally got around to reading one properly last night and was somewhat concerned.

I have a Samsung Galaxy A33 - so one of the models with that chipset.

The chances of being compromised are likely very small indeed - but I figured it is better to be cautious until its patched.

I see articles seem to often reference disabling VoLTE , but there is no such setting on my phone - and it seems to be a bit dependent on the carrier/region etc as to whether its a user selectable option.

So, just in case it helps anyone else with a Samsung phone:

Disable Wifi Calling":

Settings/Connections - set Wi-Fi Calling "OFF"

Set your phone network connection to only use the basic network connection:

Settings/Connections/Mobile networks/Network mode - set the connection to "3G/2G (auto connect)"

Really hope Samsung gets their finger out and fixes this - I really liked the HD call quality that came with VoLTE.

Nothing is impossible for the man who doesn't have to do it himself - A. H. Weiler

networkn

Networkn
32862 posts

Uber Geek
+1 received by user: 15453

ID Verified

Trusted

Lifetime subscriber

#3052754 21-Mar-2023 11:33

Why do you feel the chances of being compromised are low?

robjg63

4160 posts

Uber Geek
+1 received by user: 1425

Subscriber

#3052758 21-Mar-2023 11:47

networkn: Why do you feel the chances of being compromised are low?

Several articles suggested that it was likely low odds of getting compromised. Maybe the opinions have changed in the last 24 hours as the news spreads. The hacker still has to try and access your number as I understand it and there are a lot of phone numbers in the world.

As noted, I didn't think it was worth taking the risk and have actioned the suggestions.

My post hopefully clarified that some users will not have the option of disabling VoLTE and how they can implement a work around to that issue.

Unfortunately they will lose 4G or 5G data connection, which will be pretty annoying for some.

Nothing is impossible for the man who doesn't have to do it himself - A. H. Weiler

MikeB4

MikeB4
18775 posts

Uber Geek
+1 received by user: 12765

ID Verified

Trusted

Subscriber

#3052761 21-Mar-2023 11:51

networkn: Why do you feel the chances of being compromised are low?

A not so nice person would need to know your phone number, service provider, model of phone and version hardware and firmware. Given the huge number of devices in the wild I would say one would have a greater chance of seeing an Alien spaceship or an honest politician.

Here is a crazy notion, lets give peace a chance.

robjg63

4160 posts

Uber Geek
+1 received by user: 1425

Subscriber

#3052765 21-Mar-2023 12:00

I have been hunting around because many of the articles are just reprinting the same words ad infinitum are are pretty useless.

I finally found some info on the Samsung site, that claims the March security patch should address the issues as far as I can see:

https://r2.community.samsung.com/t5/Tech-Talk/Samsung-March-2023-Security-Patch-Fixes-for-Call-Keyboard-System/m-p/13506556

The last section of that page says:

Use after-free vulnerability in decon driver

This issue affected Galaxy devices running Android 11/12/13 with Exynos 2100 chipset (Galaxy S21 series). It allows attackers to cause memory access faults, which have been fixed with the addition of proper check logic to prevent use after free.

Guess we just need to wait for that to appear.

Nothing is impossible for the man who doesn't have to do it himself - A. H. Weiler

gehenna

8667 posts

Uber Geek
+1 received by user: 3883

Moderator

Trusted

Lifetime subscriber

#3052772 21-Mar-2023 12:40

Famous last words eh...

That statement was probably in a Waikato DHB security paper sometime in the years leading up to their...event.