As security flaws are often an area of concern, companies work harder every time a security flaw is found in their product to fix it. This time, the products that seems to be affected by a serious security flaw are Exynos modems that are employed in the most recent phones such as the Pixel 6, Pixel 7, and some of the Samsung Galaxy S22 and Galaxy A53 models.
What is the security flaw?
The security flaw in Samsung Exynos modems has been found by Google’s dedicated security research team, Project Zero. Based on the blog post published by the company, a variety of Exynos modems have a series of vulnerabilities that could potentially “allow an attacker to remotely compromise a phone at the baseband level with no user interaction“. Furthermore, the team also warned in the blog post that hackers could exploit the issue “with only limited additional research and development.”
Project Zero in total found 18 vulnerabilities in the modems, out of which four are the major ones that allow “Internet-to-baseband remote code execution.” Google says that it is not sharing additional information on those at the moment as it could benefit attackers more than it would benefit the defenders. The rest are minor that requires “either a malicious Mobile network operator or an attacker with local access to the device.”
Read More: Samsung Exynos 2300 Processor Likely to Power Google Pixel 8 Pro: Details leaked
Who are affected?
The list of affected devices mentioned by the team include the Samsung Galaxy S22, Galaxy M33, Galaxy M13, Galaxy M12, Galaxy A71, Galaxy A53, Galaxy A33, Galaxy A21s, Galaxy A13, Galaxy A12 and Galaxy A04.
Besides Samsung phones, Vivo phones such as the Vivo S16, Vivo S15, Vivo X70, Vivo X60, and Vivo X30 series are also affected as they use Samsung models. Any vehicle that uses Exynos Auto T5123 Chipset is also vulnerable. Apart from that, Google Pixel 7 and Pixel 6 series smartphones are also a part of the list of affected devices.
Potential solution
While a permanent fix is required from the vendor’s end as soon as possible, those users at risk can protect themselves from the baseband remote code execution vulnerabilities mentioned above by turning off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings, until the fix comes in.