Google’s Project Zero team, which focuses on security research, has found vulnerabilities in Samsung’s Exynos modems that could put affected users at risk of attack.
According to iTechpost, Project Zero detected a number of affected devices, including Google’s Pixel 6 and 7, as well as Samsung’s Galaxy S22 and A53. A total of 18 zero-day vulnerabilities in Exynos modems from late 2022 to early 2023 were discovered and manufactured by Samsung Semiconductor. According to the report, hackers can easily access affected models until Samsung releases a fix for its modem.
Of the 18 vulnerabilities, four could put users at serious risk because they allow hackers to remotely execute code at the baseband level without interacting with the user. All the attacker needs to do is the target’s phone number.
Reportedly, Project Zero has 90 days for them to disclose information about the vulnerabilities to the public. According to Google’s security team, 5 vulnerabilities have been disclosed previously, while 9 vulnerabilities are still kept secret because they have not reached the 90-day mark. The remaining four vulnerabilities will not be made public by the company because Google says attackers can benefit more from the information they disclose. Essentially, the company simply delayed making the vulnerability public.
Talking about the devices affected by the mentioned vulnerabilities, they include products using Samsung’s Exynos chip (Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12, and A04) ); Vivo (S16, S15, S6, X70, X60, and X30); Google (Pixel 6 and 7); wearable devices using the Exynos W920 chip; any vehicle using the Exynos Auto T5123 chip.
Project Zero recommends that to avoid remote code execution vulnerabilities with Exynos chips, users can disable Wi-Fi and Voice-over-LTE calling in device settings as these eliminate the risk. exploited by hackers until security updates are deployed.
Many owners of Samsung’s Galaxy S21 and S22 are still safe from the vulnerability because the company uses Exynos chips in some markets, while others use Qualcomm’s Snapdragon chips and modems.