
Project Zero, Google’s security research team, has found several issues with the Samsung modems that power devices such as the Pixel 6 and Pixel 7, as well as some models of the Galaxy S22 and A53.
According to the team, various Exynos modems have a series of vulnerabilities that could “allow an attacker to remotely compromise a phone at the baseband level with no user interaction,” with the attacker needing little more than the victim’s phone number. And to make things worse, Samsung is apparently not doing enough to quickly fix these flaws.
The team also warns that savvy hackers could exploit the issue “with only limited additional research and development.” On its end, Google will release a security update in March for Pixel phones, but what about other devices? Your guess is as good as mine…
In total, the team found 18 vulnerabilities in the modems, four of which allow “Internet-to-baseband remote code execution.” The rest were less severe, requiring “either a malicious mobile network operator or an attacker with local access to the device.”
According to the researchers, the following devices may be at risk:
- Samsung smartphones, including those in the Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series
- Vivo smartphones, including those in the S16, S15, S6, X70, X60 and X30 series
- Wearables that use the Exynos W920 chipset
- Vehicles that use the Exynos Auto T5123 chipset
A piece of good news is that, in many cases, the popular Samsung Galaxy S22 smartphone uses Qualcomm’s modem rather than the vulnerable one made by Samsung. The problem, however, is with S22 units sold in Europe and Africa, which do use Samsung’s chip. And the same goes for the popular midranger A53 — it, too, is vulnerable.
In contrast, the S21 and S23 are safe, as they use either Qualcomm’s modem or older Exynos chips that are not affected by these bugs.
If you own one of the affected devices and want to be on the safe side, Project Zero suggests turning off Wi-Fi calling and Voice-over-LTE (VoLTE) in the device settings. This will make your calls slightly worse, but it could be worth it.
Unfortunately, a VPN can’t keep you safe from vulnerabilities like these, but it will keep your web whereabouts hidden from the prying eyes of advertisers looking to sell you more stuff than you need. So, make sure to keep your devices up to date at all times, and get yourself the best VPN money can buy. And you know where to find that, right?