A new report from Project Zero, Google’s internal security research team, says a laundry list of devices using Exynos modems are at high risk of major security breaches that would give remote users the ability to “hack a phone at the baseband level” very easily. Notably, the recently released Pixel 7 is among the devices open to attack, along with the Pixel 6 and Samsung Galaxy S22, to name a few.
This is obviously a big problem, but not all hope is lost, as the problem can definitely be fixed. The big question is when a fix will come for all affected devices. Here’s everything you need to know about the vulnerability and what you can do to keep your smartphone secure.
Why Samsung and Pixel phones are at risk
The report from Project Zero says that the vulnerabilities originate in Exynos modems made by Samsung Semiconductor. In tests conducted by Project Zero, an attacker needed only the victim’s phone number to compromise an affected device. Given the severity of the issue, Project Zero believes that “skilled attackers will be able to quickly create an operational vulnerability to silently and remotely compromise affected devices.”
Given the amount of sensitive information that is kept on smartphones, this can turn into a huge problem if not dealt with immediately. Project Zero found 18 vulnerabilities in Exynos modems, but fortunately, only four of them are the critical issues described above. The other fourteen were described as “not dangerous, as they would require either a malicious mobile network operator or an attacker with local access to the device.”
Which Samsung and Pixel phones are affected?
The unfortunate part of the vulnerability is that Project Zero lists more than 20 vulnerable devices. According to their findings, users with the following devices may be at risk of one of the 18 vulnerabilities:
- Samsung mobile devices, including those in the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12, and A04 series
- Vivo mobile devices, including those in the S16, S15, S6, X70, X60, and X30 series
- Pixel 6, Pixel 6a, Pixel 6 Pro, Pixel 7, and Pixel 7 Pro phones
- Any vehicles using Exynos Auto T5123 chipset
Galaxy owners will notice that the Galaxy S21 and Galaxy S23 lines are not on the list because they use Qualcomm modems. The affected S22 models must be those sold in selected European and African countries, since the rest of the S22 devices in the world also use Qualcomm modems.
How to keep safe
While things may currently look bad for devices that use Exynos modems, there are a few things owners can do to keep their phones safe. The first is to turn on automatic updates for any potentially affected devices. When that is turned on, the phone will get security patches as soon as they are deployed. Google has already started focusing on fixing the issue and reports that the March security update should fix any issues with its devices.
What about Samsung? In response to these security issues, Samsung gave Digital Trends the following statement:
“Samsung takes the safety of our customers very seriously. After identifying 6 vulnerabilities that could affect specific Galaxy devices, none of which were ‘critical’, Samsung released security patches for 5 of these in March. Another security patch will be released in April to address the vulnerability remaining.”
As always, we recommend that all users update their devices with the latest software to ensure the highest possible level of protection.
As device owners await fixes, Project Zero has a few suggestions for what they can do to reduce their risk, including turning off Wi-Fi calling and Voice-over-LTE (VoLTE). Doing so will degrade the sound quality of your calls, but the alternative of staying at risk is much worse. Other than adjusting these two settings, there is not much that can be done while we all wait for the fixes to take effect.