Eric Zeman / Android Authority
Galaxy S22 Ultra vs Pixel 6 Pro
TL;DR
- Google’s Project Zero has found 18 active vulnerabilities on Samsung’s Exynos modems.
- Four of those vulnerabilities can give hackers access to your phone by simply knowing your phone number.
- Affected devices using the unsafe Exynos modems include the Galaxy S22 series, Pixel 6 series, and several other phones.
Update: March 20, 2023 (1:16 AM ET): Samsung Semiconductor updated its advisories to remove the Exynos W920 as an affected chipset, so we have also removed it from the below-mentioned affected devices section. Moreover, Samsung has clarified to Google that the Galaxy A21s is the correct affected device, not the A21 as originally stated. We’ve also fixed that in the list of the affected devices.
Original article: March 17, 2023 (12:38 AM ET): Google’s Project Zero security research team has posted a blog highlighting active vulnerabilities in Samsung’s Exynos modems. Four of the 18 reported security issues with the Samsung chips in question are severe and could give hackers access to your phones with just the help of your phone number.
Security researchers usually don’t disclose vulnerabilities until after they are resolved. However, it seems Samsung has been dragging its feet on the issue. Project Zero researcher Maddie Stone tweeted (via TechCrunch) that “end-users still don’t have patches 90 days after the report.”
According to researchers, the following phones and other devices, including vehicles, can be compromised if hackers were to exploit the at-risk Exynos chips:
- Samsung Galaxy S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series.
- Vivo S16, S15, S6, X70, X60 and X30 series.
- The Pixel 6 and Pixel 7 series.
- Any vehicles that use the Exynos Auto T5123 chipset.
Notably, Google has patched the issues in its March security update for Pixel 7 series. However, the update still hasn’t reached the Pixel 6, Pixel 6 Pro, and Pixel 6a, which means these phones aren’t currently safe from hackers capable of exploiting the specified internet-to-baseband remote code execution vulnerability.
“With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely,” Project Zero noted in its report.
How can you protect yourself?
While we await Samsung and other vendors to resolve the issues affecting the Exynos chips, Google recommends you turn off Wi-Fi calling and Voice-over-LTE (VoLTE) on the affected devices. You should also keep an eye out for any upcoming security updates and grab them as soon as possible.
