17 Mar, 2023

Google's Project Zero team revealed serious vulnerabilities that pose a threat to smartphones with Exynos modems.

These modems are used in the Pixel flagship, as well as in many Samsung, Vivo and other smartphones. The team found 18 vulnerabilities, 4 of which are extremely severe. These 4 may let hackers 'remotely compromise a phone at the baseband level with no user interaction', knowing only the victim's phone number.

The Google team warns that skilled attackers can quickly create a working exploit for these vulnerabilities and use it for nefarious purposes.

The following devices may be at risk:

  • Mobile devices from Samsung, including those in the Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series
  • Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series
  • Any wearables that use the Exynos W920 chipset
  • Any vehicles that use the Exynos Auto T5123 chipset

The team shares the following suggestion:

Until security updates are available, users who wish to protect themselves from the baseband remote code execution vulnerabilities in Samsung’s Exynos chipsets can turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings. Turning off these settings will remove the exploitation risk of these vulnerabilities.

However, there is one more pitfall for Pixel smartphone owners: since the 2021 update, VoLTE is activated automatically on Google Pixel smartphones and it is impossible to disable it.

But Google says a March security update for Pixel devices should fix the problem, though it's not yet available for the Pixel 6, Pixel 6 Pro and Pixel 6a.