Samsung Exynos is extra insecure

Posted on Friday, Mar 24, 2023 by Ned Bellavance

Featured in this episode of Chaos Lever

Project Zero, one of the less evil branches of Advertising Company Google, disclosed 18 vulnerabilities affecting the Samsung Exynos line of chips. These system-on-a-chip components power 11 of Samsung’s handsets and the Google Pixel 6 and 7, as well as other mobile devices and some vehicles.

Out of the 18 vulnerabilities, Project Zero withheld the technical details for four of them, deeming them too dangerous to release in the wild before patches are available. Each of the four big baddies would allow an attacker to compromise the affected device remotely without user interaction. So that’s. Bad? Yes, bad.

The other 14 require the attacker to have physical access to the device, so don’t leave your phone unattended in a public area. Probably good advice in general. Advertising Company Google had already patched their Pixel phones prior to disclosure and patches are coming for the Samsung devices now.

In the meantime, if you have an affected handset Samsung recommends that you disable Wi-Fi calling and voice-over-LTE in the device settings. And go buy an iPhone or Pixel, or something that doesn’t include Bixby. Well they didn’t say that, but I might be heavily implying it.