Google’s Project Zero, a team dedicated to security research, has uncovered major security vulnerabilities in Samsung modems that power devices like the Pixel 6, Pixel 7, and some models of the Galaxy S22 and A53. According to the team’s blog post, certain Exynos modems have multiple vulnerabilities that could lead to a remote compromise of the phone at the baseband level without any user interaction. This means that attackers could gain control of the phone with just the victim’s phone number.
Major Devices Such as Samsung Galaxy S22, A53, Google Pixel 6 and Pixel 7 are Vulnerable to Hacking with Just a Mobile Phone Number
Furthermore, the team warns that experienced hackers could exploit this issue with minimal additional research and development. Despite the severity of the situation, it seems like Samsung has been slow to address the problem.
Google has said that the March security update for Pixels should patch the problem. However, it’s not yet available for the Pixel 6, 6 Pro, and 6a. The researchers believe that the following devices may be at risk: mobile devices from Samsung, including those in the Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12, and A04 series; mobile devices from Vivo, including those in the S16, S15, S6, X70, X60, and X30 series; any wearables that use the Exynos W920 chipset; and any vehicles that use the Exynos Auto T5123 chipset.
It’s important to note that for devices to be vulnerable, they must use one of the affected Samsung modems. This is a relief for many S22 owners as the phones sold outside of Europe and some African countries have a Qualcomm processor and use a Qualcomm modem, which is safe from these specific issues. However, phones with Exynos processors, such as the popular midrange A53, and European S22, could be vulnerable.
For those who use vulnerable modems and are concerned about the exploitation of their phones, Project Zero advises turning off Wi-Fi calling and Voice-over-LTE. This may lead to worse call quality, but it’s worth it to protect your phone.
Normally, security researchers wait until a fix is available before announcing a bug or wait a certain amount of time after reporting it without any fix in sight. However, in this case, Project Zero researcher Maddie Stone tweeted that “end-users still don’t have patches 90 days after the report,” which appears to be a push for Samsung and other vendors to address the issue.
Overall, Project Zero found 18 vulnerabilities in the modems. Four of them are significant, allowing “Internet-to-baseband remote code execution.” Google has said that it’s not sharing additional information on those vulnerabilities because they could be easily exploited. The rest of the vulnerabilities require either a malicious mobile network operator or an attacker with local access to the device. While this is still a concern, it’s not as severe as the other vulnerabilities.
Project Zero notes in its report that “With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.”
List of affected devices:
- Samsung Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series.
- Vivo S16, S15, S6, X70, X60 and X30 series.
- The Pixel 6 and Pixel 7 series.
- Any wearables that use the Exynos W920 chipset.
- Any vehicles that use the Exynos Auto T5123 chipset.
In conclusion, Samsung users should be cautious about using their phones until the company addresses the issue. Project Zero has provided some tips on how to protect your phone, but it’s ultimately up to Samsung to fix the issue. It’s important to note that vulnerabilities can be found in any device, and it’s essential to stay up to date with security updates to protect your data and privacy.