0-Day Security Threat: Mobile Devices using Samsung Modem Chips

New vulnerabilities are consistently being found both in newer devices and applications and in devices and applications that have been around for years. Vulnerabilities can be found in software after changes are implemented or through complementary hardware running the application. Additionally, older applications that are no longer supported are often targets since they are no longer being updated to protect against security threats.

This post discusses a 0-day threat to some mobile devices using Samsung cellular mobile chips.

The recent 0-day vulnerabilities found are related to Exynos modems created by Samsung Semiconductor. A total of eighteen 0-day vulnerabilities were found in these modems in addition to three other vulnerabilities. The definition varies somewhat, but the important point is that a 0-day vulnerability is one that has been found by someone other than the developer and can be taken advantage of right away. In essence, the developer has no time to fix the vulnerability before users can be adversely affected.

Several devices have been identified as being likely to have one of the Exynos modems that the 0-day vulnerability affects. Some of these devices are:

  • Mobile devices from Samsung including S22, M33, M12, A13, and more.
  • Mobile devices from Vivo including the S16, X60, X30 and more.
  • Google mobile devices including the Pixel 6 and 7 series.
  • Vehicles that use the Exynos Auto T5123 chip.

Check out this article for more information including a more complete list of devices likely affected.

What the risk is

Of the vulnerabilities found, four allow an attacker to remotely access a phone via the modem without any user input at all; the attacker simply needs to know the victim's phone number. Security vulnerabilities that can be executed without user interaction are a big threat because they limit the user's ability to protect themselves.

Luckily, the remainder of the known vulnerabilities related to the modem were deemed a lesser threat because they require more interaction and skill to exploit.

What is being done

The biggest thing that can be done for any security vulnerability is for the manufacturer of the software to build and release a security patch addressing the threat. Unfortunately, in this case, getting a patch to all of the devices can take some time. This happens because there are several different manufacturers who have the offending modem in their devices and each can have slightly different versions of software running on top of the hardware.

Some patches have already been created and pushed out to devices, like the affected Pixel devices. However, it is likely that not all of the at-risk devices have received patches yet.

What you can do

If you think you have a device that has one of the Exynos modems, and you are not sure if your device has received a patch to fix the vulnerabilities, you should follow the step below to protect the device from the threat.

To protect yourself from these threats, disable Wi-Fi calling and Voice-over-LTE using the settings on the at-risk device. Once a security fix has been released and installed on the device, simply re-enable Wi-Fi calling and Voice-over-LTE in settings.

New security threats are discovered every day. Sometimes they affect a large majority of the population and other times they hit a smaller market. The best way to protect yourself is to make your best effort to be aware of the more common threats and do what you can to keep from falling victim to those threats. The recent 0-day threat affecting modems made by Samsung Semiconductor can easily be thwarted by disabling Wi-Fi calling and Voice-over-LTE until a patch has been installed.

As always, being aware of current threats is a great way to help prevent yourself from falling victim to them.