Project Zero, Google’s own cybersecurity research team, warns of several serious issues with Samsung Exynos modems in a blog post. According to the post, the modems have a number of vulnerabilities that could “allow an attacker to remotely compromise a phone without user intervention.” They should be treated as “day one vulnerabilities” – that is, requiring immediate correction.
A total of 18 vulnerabilities were found. Four of them are so severe that an attacker needs only a phone number to access modem data such as phone calls and text messages. The remaining 14 are less of a concern, as they require access to the carrier’s system or local access to the device. However, Project Zero says it does not intend to share more information about them, despite its usual transparency policy.
Google has compiled a list of vulnerable devices:
- Samsung mobile devices: Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04;
- Vivo mobile devices: S16, S15, S6, X70, X60 and X30;
- Google Pixel 6 and 6 Pro, Pixel 6a, Pixel 7 and 7 Pro;
- Any wearable device that uses the Exynos W920 chipset;
- Any vehicle that uses the Exynos Auto T5123 chipset.
Project Zero encourages owners of devices with these chipsets to install upcoming security updates as soon as possible. Disabling Wi-Fi calling and VoLTE in the device settings can also help.