Project Zero, Google’s dedicated security team, has found serious problems with Samsung modems that include devices like the Pixel 6, Pixel 7, and some models of the Galaxy S22 and A53. A set of Exynos modems have a number of vulnerabilities that could “allow an attacker to remotely compromise a phone at the baseband level without user interaction” without needing much more than the victim’s phone number. The team also warns that attackers could exploit the issue “with only limited additional research and development.” Google says the March security update for the Pixels should patch the issue. The researchers say they believe the following devices may be at risk:
- Samsung mobile devices, including Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series.
- Vivo mobile devices including S16, S15, S6, X70, X60 and X30 series
- Any wearable that uses the Exynos W920 chipset
- Any vehicle using the Exynos Auto T5123 chipset
Samsung Galaxy S22 Utra It should be noted that for the devices to be vulnerable, they have to use one of the affected Samsung modems. Unfortunately, in Europe, the Galaxy S22 series came with an Exynos processor and modem, so they are affected. In theory, the S21 and S23 are safe: Samsung’s newer flagships use Qualcomm worldwide, and older ones with Exynos chips use a modem that doesn’t appear on Samsung’s list of affected chips. If you know your phone uses one of the vulnerable modems, and you’re worried it could be exploited, Project Zero says you can protect yourself by turning off Wi-Fi calling and Voice over LTE Traditionally, security researchers wait for a fix to become available before to announce that they have found the bug, or until some time has passed since they reported it with no solution in sight. However, Maddie Stone, a researcher at Project Zero, tweeted that “end users still have no patches 90 days after report,” which appears to be a notice to Samsung and other vendors that they need to fix the issue.
