Google’s security team, Project Zero, just turned up the heat on Samsung – and worried millions of people using phones, wearables or even automobiles that have certain Samsung components.
According to their blog post, a number of Samsung Exynos modems, used in multiple brands of Android phones, have serious vulnerabilities. With only a phone number and nothing else, those vulnerabilities could “allow an attacker to remotely compromise a phone at the baseband level with no user interaction”.
Even Google’s Pixel phones use Exynos modems and they will receive a patch to solve the problem. Right now, it’s not available for Pixel 6, 6A or 6 Pro, but it’s probably coming soon.
So, what other phones are vulnerable right now?
Unfortunately, it’s quite a long list. If you have a device from this list, what you need to do to protect yourself until patches arrive is to turn off VoLTE and/or Wi-Fi calling.
Most phones from Samsung are affected, including the Galaxy S22 lineup, as well as the popular A71, A53, and M33, among others.
Vivo phones are also affected, including the X60 and X30 series.
The vulnerabilities are also present in any wearables that use the Samsung Exynos W920 chipset and any vehicles with the Exynos Auto T5123 chipset.
“In late 2022 and early 2023, Project Zero reported eighteen 0-day vulnerabilities in Exynos Modems produced by Samsung Semiconductor. The four most severe of these eighteen vulnerabilities (CVE-2023-24033 and three other vulnerabilities that have yet to be assigned CVE-IDs) allowed for Internet-to-baseband remote code execution,” write the Google researchers.
For the full list of devices affected, read their announcement.
To our knowledge, Samsung has not yet issued a comment.