Google warns users to take action to protect against remotely exploitable flaws in popular Android phones

MuzzMelbourne

Level 15
Thread author
Verified
Top Poster
Well-known
Mar 13, 2022
599
Google’s security research unit is sounding the alarm on a set of vulnerabilities it found in certain Samsung chips included in dozens of Android models, wearables and vehicles, fearing the flaws could be soon discovered and exploited.

In a blog post, Google’s Project Zero head Tim Willis said the in-house security researchers found and reported 18 zero-day vulnerabilities in Exynos modems produced by Samsung over the past few months, including four top-severity flaws that could compromise affected devices “silently and remotely” over the cellular network.

“Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number,” Willis said.
 

Ink

Administrator
Verified
Staff Member
Jan 8, 2011
22,490
Google recommends disabling WiFi-Calling and Voice-over-LTE until patches are available.
Note: Until security updates are available, users who wish to protect themselves from the baseband remote code execution vulnerabilities in Samsung’s Exynos chipsets can turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings. Turning off these settings will remove the exploitation risk of these vulnerabilities.

Devices from manufacturers including Samsung, Vivo and Google, as well as some wearables and vehicles, are affected.
Affected devices
Samsung Semiconductor's advisories provide the list of Exynos chipsets that are affected by these vulnerabilities. Based on information from public websites that map chipsets to devices, affected products likely include:
  • Mobile devices from Samsung, including those in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series;
  • Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series;
  • The Pixel 6 and Pixel 7 series of devices from Google;
  • any wearables that use the Exynos W920 chipset; and
  • any vehicles that use the Exynos Auto T5123 chipset.
 

oneeye

Level 4
Verified
Jul 14, 2014
174

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,458
It's only the Exynos Modem chips that are being referred to. Not "chip set" per se. Pixel uses their own processor, Tensor chip. But I get it, Samsung likely uses the full Exynos chip sets.
True, but it's the same modem chips that many different vendors use. Very common how companies/vendors implement parts also in laptops, PCs and Macs. I wouldn't be too surprised if it's many more vendors and models that are not on that list.
 

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
849
Pixel uses their own processor, Tensor chip.
Tensor is a Samsung produced chip that shares design aspects with Exynos chips. They helped Google design it and produce the chips in their fab. That's why Google and Samsung phones have had similar issues like battery and heating in the past because they share similar designs and similar architecture.

The good news is that Google is on the ball security-wise and does a lot of good research into its products; if they did not use Samsung-produced chips, these bugs would have never been found.

upnorth is right on shared hardware, most mobiles use Qualcomm modems and last time I checked a lot of phones use Sony cameras.
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,458
The chips affected by the vulnerabilities are Exynos 850, 980, 1080, 1280, 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123.

Unfortunately, vendors don’t always disclose details about which chips are installed in which devices.
The main way to protect yourself is by updating the BRP firmware, which usually occurs during a full firmware update of the smartphone. For instance, Google already released bug fixes for the Pixel 7 and 7 Pro as part of its March update. Unfortunately, the Pixel 6 and 6 Pro are still vulnerable at the time of posting. We recommend that Pixel owners install the latest firmware through their smartphone settings without delay. Samsung has also released code updates for the Exynos BRPs, but has yet to fix all the vulnerabilities. What’s more, the vendor of each particular device containing these chips must independently package these fixes into their new firmware. At the time of posting, such firmware for other vulnerable devices was not yet available. It goes without saying that you’ll need to install these updates as soon as they appear.

Until then, Project Zero researchers recommend disabling Voice over LTE (VoLTE) and Wi-Fi calling on smartphones with Exynos BRPs. This may degrade the quality of voice calls and slow down call connection, but will have no impact at all on the speed and quality of internet access. Until the release of the new firmware, this will protect devices from potential hacking, albeit with some loss of functionality.
 

Ink

Administrator
Verified
Staff Member
Jan 8, 2011
22,490
This flaw means that someone could bring back the data from the part of the image that was cropped in mostly the same way the Pixel-based cropped image could be recovered. Buchanan stated, "The same exploit script works with minor changes (the pixel format is RGBA not RGB)." He added in a later post that the same issue is found with Microsoft's Snip & Sketch tool included with Windows 10, but apparently not with the original Windows 10 snipping tool.
Source: Windows 10 and 11 snipping tools are saving data you thought you had deleted
 

MuzzMelbourne

Level 15
Thread author
Verified
Top Poster
Well-known
Mar 13, 2022
599
Earlier this week, programmer and "accidental security researcher" Simon Aarons disclosed a bug in Google's Markup screenshot editing tool for its Pixel phones. Dubbed "acropalypse," the bug allows content you've cropped out of your Android screenshot to be partially recovered, which can be a problem if you've cropped out sensitive information.
https://arstechnica.com/gadgets/202...ou-uncrop-the-last-four-years-of-screenshots/
Google Pixel bug lets you “uncrop” the last four years of screenshots
Today, Aarons' collaborator, David Buchanan, revealed that a similar bug affects the Snipping Tool app in Windows 11. As detailed by Bleeping Computer, which was able to verify the existence of the bug, PNG files all have an "IEND" data chunk that tells software where the image file ends. A screenshot cropped with Snipping Tool and then saved over the original (the default behavior) adds a new IEND chunk to the PNG image but leaves a bunch of the original screenshot's data after the IEND chunk.
 

enaph

Level 29
Verified
Honorary Member
Top Poster
Well-known
Jun 14, 2011
1,810
While we don’t usually pay attention to security issues on Android and Windows devices, one caught our eye this week. Dubbed “acropalypse,” it affects photos and screenshots that have been cropped using built-in software in Pixel phones and Windows 11 PCs.

As discovered by programmer Simon Aarons, the bug is a weird one. While looking at photos cropped by the Markup tool exclusive to Pixel phones, Aarons found that the information that was supposedly cropped out wasn’t actually deleted from the image and could be recovered with some light legwork. He even built a quick demo app to demonstrate.


As if that wasn’t bad enough, a similar bug was discovered by Chris Blume and confirmed by David Buchanan that affects the Snipping Tool in Windows 11. A screenshot cropped with Windows’ Snipping Tool and saved over the original won’t show the cropped area but also won’t fully delete it.

As Blume explains: “I opened a 198 byte PNG with Microsoft’s Snipping Tool, chose ‘Save As’ to overwrite a different PNG file (no editing), and saved a 4,762 byte file with all that extra after the PNG IEND chunk.” That means the smaller cropped file is actually larger than the original image.

Like the Pixel bug, that data can be recovered with little effort. Most of the time, the cropped-out portion probably isn’t all that important, but it could be something sensitive or embarrassing that the user wouldn’t want anyone else to see.

Microsoft and Google are expected to issue patches to fix the vulnerability in an upcoming update. It’s not clear whether the bugs affecting Pixel phones and Windows PCs are related or just coincidental, but we’re sure of one thing: Apple devices aren’t affected.

Mac and iPhone users don’t have to worry about the “acropalypse” bug spreading to iPhones and Macs. We tested several cropped images using the Mac’s screenshot tool and Photo’s crop tool on the iPhone and in all instances, the cropped photos were significantly smaller than the original image, meaning data has been appropriately removed.

So crop away. And maybe ask your Windows friends if you can help them out while you’re at it.
 
