A new report from Project Zero, Google’s internal security research team, says that a long list of devices using Exynos modems are at high risk of major security breaches that would give remote users the ability to “compromise a phone at the baseband level”. .” Notably, the recently released Pixel 7 is among those open to attack, along with the Pixel 6 and Samsung Galaxy S22, to name just a few.
Obviously, this is a major problem, but all hope is not lost as the problem can certainly be fixed. The big question is when a fix will arrive for all affected devices. Here’s everything you need to know about the vulnerability and what you can do to keep your smartphone safe.
Why Samsung and Pixel phones are in danger
The Project Zero report says that the vulnerabilities originate from Exynos modems made by Samsung Semiconductor. According to tests conducted by Project Zero, the attacker was able to compromise affected devices simply by knowing the victim’s phone number. Due to the severity of the problem, Project Zero believes that “skilled attackers could quickly create an operational exploit to silently and remotely compromise affected devices.”
Due to the amount of sensitive information that is stored on smartphones, this could become a major problem if it is not fixed immediately. Project Zero found 18 vulnerabilities in Exynos modems, but luckily, only four of them have the serious issues mentioned above. The other 14 are described as “not as severe, as they require a rogue mobile network operator or attacker with local access to the device.”
What Samsung and Pixel phones are affected?
The unfortunate part of the vulnerability is that Project Zero lists more than 20 devices that are at risk. Based on their findings, users with the following devices may be at risk of one of 18 vulnerabilities:
- Samsung mobile devices including S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series
- Vivo mobile devices including S16, S15, S6, X70, X60 and X30 series
- Pixel 6, Pixel 6a, Pixel 6 Pro, Pixel 7, and Pixel 7 Pro
- Any vehicle using the Exynos Auto T5123 chipset
Galaxy owners will notice that the Galaxy S21 and Galaxy S23 lines are absent from the list due to the fact that they use Qualcomm modems. The S22 models that are affected should only be those in selected countries in Europe and Africa, as the rest of the world’s S22 devices also use Qualcomm modems.
How to stay safe
While things may currently look bad for devices using Exynos modems, there are a few things owners can do to keep their phones safe. The first is to turn on automatic updates for any potentially affected devices. With that activated, the phone will receive security patches as soon as they are activated. Google has already started to focus on resolving the issue and reports that its March security update should fix any issues with its hardware.
What about Samsung? In response to these security concerns, Samsung gave Digital Trends the following statement:
“Samsung takes the security of our customers very seriously. After determining that 6 vulnerabilities could potentially affect select Galaxy devices, none of which were “serious”, Samsung released security patches for 5 of them in March. Another security patch will be released in April to address the remaining vulnerability.”
“As always, we recommend that all users keep their devices up to date with the latest software to ensure the highest level of protection possible.”
While device owners wait for solutions, Project Zero has some suggestions on what they can do to minimize their risks, including disabling Wi-Fi calling and Voice over LTE (VoLTE). Doing this could degrade the audio quality of your phone. calls, but the alternative of remaining at risk is much worse. Other than tweaking those two settings, there isn’t much else that can be done while we all wait for potential fixes to go live.
Editors’ Recommendations
