Google’s dedicated zero-day detection team, Project Zero, has detected multiple bugs, four of them potentially severe, in the Exynos semiconductor chipsets used in Samsung phones.
A zero-day bug or exploit is so called because cybersecurity professionals have “zero days” – in other words, no time – to patch it, meaning if crooks find it first they can strike a target’s systems without warning.
Google’s bug-hunting team claims to have found no fewer than 18 of them lurking in the Samsung devices, of which four could theoretically enable a threat actor to hijack a device through remote code execution.
“Those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number,” said Project Zero.
“With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.”
Samsung Exynos users are advised to disable Wi-Fi calling and Voice-over-LTE (VoLTE) until the bugs have been patched.
“Turning off these settings will remove the exploitation risk of these vulnerabilities,” said Project Zero.
A pro-Russian hacking group claimed to have breached Samsung's internal servers earlier this year.