{"id":4494,"date":"2023-03-18T21:34:33","date_gmt":"2023-03-18T20:34:33","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=4494"},"modified":"2023-03-18T23:43:04","modified_gmt":"2023-03-18T22:43:04","slug":"pronadjeno-18-ranjivosti-u-samsung-exynos-cipovima","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2023\/03\/18\/pronadjeno-18-ranjivosti-u-samsung-exynos-cipovima\/","title":{"rendered":"18 vulnerabilities found in Samsung Exynos chips"},
"content":{"rendered":"<p><span style=\"font-size: 14pt;\">18 vulnerabilities have been found in <em>Samsung<\/em> <em>Exynos<\/em> chips used in mobile devices, wearables and cars.<\/span><\/p>\n<div id=\"attachment_4496\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4496\" class=\"size-full wp-image-4496\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/Samsung-Exynos.jpg\" alt=\"Samsung Exynos\" width=\"1024\" height=\"681\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/Samsung-Exynos.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/Samsung-Exynos-300x200.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/Samsung-Exynos-768x511.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/Samsung-Exynos-18x12.jpg 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4496\" class=\"wp-caption-text\"><em>18 vulnerabilities found in Samsung Exynos chips; Design: Sa\u0161a \u0110uri\u0107<\/em><\/p><\/div>\n<p><span style=\"font-size: 14pt;\"><em>Google<\/em>'s security team <em>Project<\/em> <em>Zero<\/em> has found 18 zero-day vulnerabilities that are rated as very dangerous, because they allow remote code execution from the Internet in the <em>baseband<\/em> chips that let smartphones and tablets connect to mobile networks and that carry both voice during calls and data.<\/span><\/p>\n<h2><span style=\"font-size: 14pt;\"><strong>Remote code execution<\/strong><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\"><em>Baseband<\/em> chips essentially run their own miniature operating system on their own processor and work alongside the device's main operating system to provide mobile-network connectivity for making and answering calls, sending and receiving data, roaming on the network and so on. Sometimes, vulnerabilities in this chip allow an attacker not only to break into the chip itself from the Internet or the telephone network, but also to break into the main operating system.<\/span><\/p>\n<blockquote><p><span style=\"font-size: 14pt;\">\u201cThe <em>baseband<\/em> software does not properly check the format types of the accept-type attribute specified by the <em>SDP<\/em>, which can lead to a denial of service or code execution in the <em>Samsung<\/em> <em>Baseband<\/em> modem\u201d &#8211; <a href=\"https:\/\/semiconductor.samsung.com\/support\/quality-support\/product-security-updates\/\" target=\"_blank\" rel=\"noopener\"><em>Samsung<\/em> states in its advisory<\/a> describing the vulnerability <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-24033\" target=\"_blank\" rel=\"noopener\"><em>CVE-2023-24033<\/em><\/a>.<\/span><\/p><\/blockquote>\n<p><span style=\"font-size: 14pt;\">Put simply, this remote code execution flaw means that criminals can inject <a href=\"https:\/\/sajberinfo.com\/en\/2021\/09\/26\/malware\/\" target=\"_blank\" rel=\"nofollow noopener\">malware<\/a> or <a href=\"https:\/\/sajberinfo.com\/en\/2021\/10\/01\/spyware\/\" target=\"_blank\" rel=\"nofollow noopener\">spyware<\/a> over the Internet into the part of the user's phone that sends and receives network data, without physical access to the device and without luring users to fake websites, convincing them to install a suspicious app, waiting for them to click the wrong button in a pop-up warning, or tricking them <a href=\"https:\/\/sajberinfo.com\/en\/2022\/01\/02\/phishing-meta-su-ljudi-ne-tehnologija\/\" target=\"_blank\" rel=\"nofollow noopener\">in any other way<\/a>.<\/span><\/p>\n<h3><span style=\"font-size: 14pt;\"><strong>Four critical vulnerabilities<\/strong><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">To make matters worse, with minimal additional research, experienced attackers could easily build an exploit capable of remotely compromising vulnerable devices without drawing the victims' attention.<\/span><\/p>\n<blockquote><p><span style=\"font-size: 14pt;\">\u201cThe only information needed to carry out the attacks is the victim's phone number,\u201d &#8211; says <a href=\"https:\/\/googleprojectzero.blogspot.com\/2023\/03\/multiple-internet-to-baseband-remote-rce.html\" target=\"_blank\" rel=\"noopener\"><em>Tim Willis<\/em>, head of Project <em>Zero<\/em><\/a>, and continues: \u201cDue to a very rare combination of the level of access these vulnerabilities provide and the speed with which we believe a reliable operational exploit could be crafted, we have decided to make a policy exception and delay disclosure of the four vulnerabilities that allow remote code execution from the Internet into the <em>baseband<\/em> processors.\u201d<\/span><\/p><\/blockquote>\n<p><span style=\"font-size: 14pt;\">The remaining 14 vulnerabilities are not critical, but they still pose a risk to users. Exploiting them successfully requires local access to the devices or a malicious mobile network operator.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>Samsung<\/em> has published a list of devices with vulnerable <em>baseband<\/em> processors, covering the following device models:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\"><em>Samsung<\/em> devices: the <em>S22, M33, M13, M12, A71, A53, A33, A21, A13, A12<\/em> and <em>A04<\/em> series;<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Pixel<\/em> devices: the <em>Pixel 6<\/em> and <em>Pixel 7<\/em> series;<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Vivo<\/em> mobile devices, including the <em>S16, S15, S6, X70, X60<\/em> and <em>X30<\/em> series;<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">All wearables with <em>Exynos W920<\/em> chips;<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Any vehicle that uses the <em>Exynos Auto T5123<\/em> chip.<\/span><\/li>\n<\/ul>\n<h4><span style=\"font-size: 14pt;\"><strong>Protecting users<\/strong><\/span><\/h4>\n<p><span style=\"font-size: 14pt;\"><em>Samsung<\/em> has already prepared security updates that fix these vulnerabilities in the affected chips and has passed them on to other manufacturers; however, the updates are not public and cannot be applied by all affected users. When the updates reach users will vary depending on the device manufacturer and how quickly it acts.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Until public updates are available for all affected device models, users can disable the <em>Wi-Fi calling<\/em> and <em>Voice-over-LTE<\/em> (<em>VoLTE<\/em>) options to remove the possibility of attack.<\/span><\/p>","protected":false},
"excerpt":{"rendered":"<p>18 vulnerabilities found in Samsung Exynos chips used in mobile devices, wearables and cars. Google's security team Project Zero has found 18 zero-day vulnerabilities that are rated as&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":4496,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[297,298,93,199,100,236],"class_list":["post-4494","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-baseband","tag-exynos","tag-malware","tag-samsung","tag-spyware","tag-zero-day"],
"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4494","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=4494"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4494\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/4496"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=4494"}],
"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=4494"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=4494"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}