If you own a smartphone that uses Exynos Modems made by Samsung, you might want to turn off a couple of features. Google’s Project Zero security team has discovered 18 zero-day issues involving those models, which cover quite a few smartphones.
Google stated four of these issues are particularly severe. It stated:
Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number. With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.
The list of smartphones affected by these issues include:
- Mobile devices from Samsung, including those in the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series;
- Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series;
- The Pixel 6 and Pixel 7 series of devices from Google; and
- any vehicles that use the Exynos Auto T5123 chipset.
The somewhat good news for owners of the Pixel 6 and 7 phones is that Google has fixed one of the issues in its latest March 2023 security update. While people wait for the other phones to get patches, Google recommends owners should turn off Wi-Fi calling and Voice-over-LTE (VoLTE) features in the phone’s settings so they are not affected by the issue.