Hacker News new | past | comments | ask | show | jobs | submit login
Multiple Internet to Baseband RCE Vulnerabilities in Exynos Modems (googleprojectzero.blogspot.com)
6 points by jiripospisil on March 16, 2023 | hide | past | favorite | 1 comment



Ouch – I’m glad they held off on their normal publication deadline if this is as easy to figure out as they suggest:

> Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number. With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.

> Until security updates are available, users who wish to protect themselves from the baseband remote code execution vulnerabilities in Samsung’s Exynos chipsets can turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings. Turning off these settings will remove the exploitation risk of these vulnerabilities.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: