AFTER a series of computer hacks broke out globally, this week it was reported that the Samsung Exynos Auto T5123 chip found in some Volkswagen Group models is very vulnerable to hacking, with serious signs. potential for vehicle owners.
Hackers will gain access to all information contained on the chip through connection to linked devices such as phones, tablets, laptops etc and can even disable the media remotely by sending a text message to the vehicle.
The news comes less than two years after the tech giant signed an agreement with the Volkswagen Group to supply its latest-generation Exynos automotive computer chip and is said to affect at least three sets of smartphones. main processor used in a wide range of vehicle models.
The first is the Exynos Auto V7 chip used for the comprehensive in-car infotainment system and is a component of Volkswagen’s latest in-car application server, the second is the Exynos S2VPSO1 chip for power management and the third is the Exynos Auto T5123 for the fifth generation (5G). ) mobile device connection.
GoAuto asked Volkswagen Australia which models are affected by the unsafe chips but could not determine the answer.
Upon release, Samsung executive vice president Park Jae-hong said the chips will provide “smarter and more connected automotive technologies to deliver rich in-vehicle experiences, including entertainment , safety and comfort are becoming important features on the road.”
“With its cutting-edge 5G modem, artificial intelligence-enhanced multi-core processor, and market-proven PMIC (Power Management Integrated Circuit) solution, Samsung is transferring its expertise in mobility solutions into its automotive product line and is poised to expand its presence in this area,” he said in November 2021.
For the technically savvy, the Exynos Auto T5123 T5123 chipset brings fast data connectivity to the car so users can stay connected, stream high-resolution video, or even play games. online on the go.
The chipset supports both 5G SA (Standalone) and NSA (Non-Standalone) networks and offers maximum download speeds of up to 5.1Gbps. The chipset has two ARM Cortex-A55 CPU cores, LPDDR4X RAM, GPS and compatibility with PCIe interface.
But according to a report published by Google’s Project Zero security team – a group of security researchers at Google that specializes in researching zero-day vulnerabilities in hardware and software systems as well as ways to improve them. significantly improve the safety and security of the Internet – Samsung’s Exynos chip “is super vulnerable right now”.
The Project Zero team discovered a vulnerability in units that could allow hackers to remotely attack using executable code via SMS to an unpatched device. In other words, a system takeover of the vehicle can be done with just one mobile phone number of the owner.
In total, the Project Zero team has identified 18 zero-day vulnerabilities in the Exynos modem, of which four are the most severe that can remotely execute code via SMS.
Google Project Zero spokesman Tim Willis said: “Tests conducted by Project Zero confirm that those four vulnerabilities allow attackers to remotely penetrate the phone at the baseband level without requires user interaction and only requires the attacker to know the victim’s phone number.”
“With limited additional research and development, we believe skilled attackers will be able to quickly create an exploit to infiltrate affected devices silently and from the ground up. distant.”
This vulnerability does not only apply to automotive chips provided by the Volkswagen Group. Mr. Willis said multiple Samsung mobile devices were also involved, including those from the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series.
Vivo’s mobile devices, including devices from the S16, S15, S6, X70, X60 and X30 series as well as Google’s Pixel 6 and Pixel 7 series devices, are also understood to be affected.
Since the Exynos Auto processors are used by other vehicle manufacturers, it is also possible that vehicles not manufactured by the Volkswagen Group could be affected by this vulnerability.
The investigation continues.
