{"id":31717,"date":"2023-03-21T04:11:37","date_gmt":"2023-03-20T17:11:37","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/samsung-exynos-vulnerabilities\/31717\/"},"modified":"2023-03-21T04:11:37","modified_gmt":"2023-03-20T17:11:37","slug":"samsung-exynos-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/samsung-exynos-vulnerabilities\/31717\/","title":{"rendered":"Remote hacking of Samsung, Google and Vivo smartphones: the problem and the solution"},"content":{"rendered":"<p>Smartphones, tablets, and even cars with Samsung Exynos microprocessors are at risk of remote hacking. Bug hunters at Google Project Zero say you just need the victim\u2019s phone number.<\/p>\n<p>This is due to the presence of <a href=\"https:\/\/googleprojectzero.blogspot.com\/2023\/03\/multiple-internet-to-baseband-remote-rce.html\" target=\"_blank\" rel=\"nofollow noopener\">18 vulnerabilities in the Exynos baseband radio processor<\/a>, which is widely used in Google, Vivo, Samsung, and many other smartphones. Four of them are critical and allow an attacker to remotely execute code on a victim\u2019s device without any action on their part. For the rest, either the mobile operator itself must perform malicious actions, or the hacker needs direct access to the device.<br>\nThese vulnerabilities can be fixed only with a firmware update \u2013 yet to be released. But in the meantime you need to keep yourself and your phone safe. 
Thankfully, there are temporary protective measures you can take.<\/p>\n<h2>What is a BRP?<\/h2>\n<p>A baseband radio processor (BRP) is the part of a smartphone, tablet, or other smart technology that handles wireless cellular communication in second to fifth-generation devices:<\/p>\n<ul>\n<li>2G\u00a0\u2014 GSM, GPRS, EDGE;<\/li>\n<li>3G\u00a0\u2014 CDMA, W-CDMA;<\/li>\n<li>4G\u00a0\u2014 LTE;<\/li>\n<li>5G\u00a0\u2014 5G NR.<\/li>\n<\/ul>\n<p>The BRP usually doesn\u2019t include Wi-Fi or Bluetooth functions.<\/p>\n<p>Once a dedicated chip, for more than a decade now it has been commonly integrated with the CPU. Nevertheless, the BRP has its own memory and a rather complex command system\u00a0\u2014 in fact, it\u2019s a full-fledged, highly specialized processor that actively exchanges data with the CPU and main memory.<\/p>\n<p>The BRP\u2019s executable code is written into it by the vendor, and it\u2019s effectively inaccessible to smartphone apps for analysis or modification. To the CPU, the BRP is a black box, but one with extensive access to the device\u2019s main memory, where user data is stored.<\/p>\n<p>There are many companies that manufacture both CPUs and BRPs. Samsung\u2019s arm that makes memory chips and other microelectronics is called Samsung Semiconductor. Its flagship series of chips, <a href=\"https:\/\/en.wikipedia.org\/wiki\/Exynos\" target=\"_blank\" rel=\"nofollow noopener\">Exynos<\/a>, is used in many (though not all) Samsung smartphones and tablets.<\/p>\n<h2>Vulnerabilities in Exynos<\/h2>\n<p>Project Zero researchers discovered that Exynos BRPs incorrectly process various service signals that the user receives from the cellular network. Upon receiving a malformed message, the chip can either freeze or, worse, run a piece of code loaded through the malicious message. 
Eighteen such bugs relating to service signal mismanagement were found, though, to discourage hackers, not all of these were described in detail.<\/p>\n<p>Since the BRP handles all communication with the cellular network, malicious code can be used for a whole range of spying purposes: from tracking the victim\u2019s geolocation to listening in on calls or stealing data from the smartphone memory. At the same time, because it\u2019s a black box, the BRP is virtually impossible to diagnose or disinfect, except by reflashing.<\/p>\n<p>The chips affected by the vulnerabilities are Exynos 850, 980, 1080, 1280, 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123.<\/p>\n<p>Unfortunately, vendors don\u2019t always disclose details about which chips are installed in which devices. Using publicly available data, it was possible to compile an incomplete list of devices that most likely use these chipsets. It includes the following models:<\/p>\n<ul>\n<li>Samsung Galaxy A04, A12, A13, A21s, A33, A53, A71, M12, M13, M33, S22;<\/li>\n<li>Vivo S6, S15, S16, X30, X60, X70;<\/li>\n<li>Google Pixel 6, 6a, 6 Pro, 7, 7 Pro;<\/li>\n<li>Any vehicles with the Exynos Auto T5123 chipset.<\/li>\n<\/ul>\n<h2>How to stay safe<\/h2>\n<p>The main way to protect yourself is by updating the BRP firmware, which usually occurs during a full firmware update of the smartphone. For instance, Google already released bug fixes for the Pixel 7 and 7 Pro as part of its March update. Unfortunately, the Pixel 6 and 6 Pro are still vulnerable at the time of posting. We recommend that Pixel owners install the latest firmware through their smartphone settings without delay.<\/p>\n<p>Samsung has also released code updates for the Exynos BRPs, but has yet to fix all the vulnerabilities. What\u2019s more, the vendor of each particular device containing these chips must independently package these fixes into their new firmware. 
At the time of posting, such firmware for other vulnerable devices was not yet available. It goes without saying that you\u2019ll need to install these updates as soon as they appear.<\/p>\n<p>Until then, Project Zero researchers recommend <a href=\"https:\/\/9to5google.com\/2023\/03\/17\/wi-fi-calling-off\/\" target=\"_blank\" rel=\"nofollow noopener\">disabling Voice over LTE (VoLTE) and Wi-Fi calling<\/a> on smartphones with Exynos BRPs. This may degrade the quality of voice calls and slow down call connection, but will have no impact at all on the speed and quality of internet access. Until the release of the new firmware, this will protect devices from potential hacking, albeit with some loss of functionality.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Vulnerabilities found in the Exynos chipset allow Samsung, Vivo and Google smartphones to be remotely hacked\u00a0if the owner\u2019s phone number is known. 
How is this possible, and how can you protect yourself?<\/p>\n","protected":false},"author":2722,"featured_media":31718,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2646,9],"tags":[1324,1107,105,22,78,457,268],"class_list":{"0":"post-31717","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"category-tips","9":"tag-4g","10":"tag-5g","11":"tag-android","12":"tag-google","13":"tag-hackers","14":"tag-samsung","15":"tag-vulnerabilities"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/samsung-exynos-vulnerabilities\/31717\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/samsung-exynos-vulnerabilities\/25392\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/samsung-exynos-vulnerabilities\/20831\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/samsung-exynos-vulnerabilities\/27998\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/samsung-exynos-vulnerabilities\/25689\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/samsung-exynos-vulnerabilities\/26108\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/samsung-exynos-vulnerabilities\/28555\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/samsung-exynos-vulnerabilities\/34883\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/samsung-exynos-vulnerabilities\/47586\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/samsung-exynos-vulnerabilities\/20344\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/samsung-exynos-vulnerabilities\/20962\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/samsung-exynos-vulnerabilities\/29924\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/samsung-exynos-vulnerabilities\/25996\/"},{"hreflang":"en-za","url
":"https:\/\/www.kaspersky.co.za\/blog\/samsung-exynos-vulnerabilities\/31407\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/samsung\/","name":"Samsung"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/31717","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/2722"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=31717"}],"version-history":[{"count":0,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/31717\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/31718"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=31717"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=31717"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=31717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}