Samsung Phones May Be Vulnerable to Hacking Due to Flaw in Baseband Modem Chipsets

CVECVE-2023-26498
CVSScvssV3_1: 8.6
SourceCVE-2023-26498

Samsung phones running on certain Exynos chipsets are affected by a vulnerability that could allow hackers to take control of devices.

The vulnerability exists in the way these chipsets parse Session Description Protocol (SDP) attributes related to chat rooms. SDP is a protocol used for session setup and is processed by the baseband modem chip. Due to lack of input validation, sending a specially crafted SDP message could result in memory corruption on the device.

An attacker within Bluetooth range could exploit this to execute arbitrary code or escalate privileges on the phone. This would give them access to data, communications and even the ability to monitor the user through the device’s microphone and camera.

While a patch is expected from Samsung, users should be cautious about connecting to unknown Bluetooth devices and run the latest security updates. Using a VPN, especially on public networks, can also reduce risks. Monitoring privacy settings and limiting app permissions are additional precautions worth taking.

Staying alert to signs of compromise like unexpected app behavior can help identify attacks early. Samsung users are advised to only install apps from official app stores until their devices receive a software fix for this vulnerability.

References