Google researchers have discovered 18 critical flaws in Samsung’s Exynos modems, which are integrated into many smartphones from Samsung, Google and Vivo. Four of the flaws are particularly serious, and make it possible to take control of devices remotely and without the knowledge of the victim, knowing only their telephone number.
Researchers from Google’s Project Zero have published a report to announce the discovery of four very serious zero-day flaws, and 14 other less severe flaws in Samsung’s Exynos modems. These chips are part of SoCs (System on a Chipmost often called processors by misuse of language) of the brand, but are also used by other manufacturers.
According to Google, the four most critical allow a malicious individual to take control of a smartphone remotely knowing only his telephone number, without action by the victim and without the latter being alerted. The other 14 flaws are less serious because they require either compromising the mobile operator or physical access to the device.
Samsung, Vivo and Google smartphones affected, as well as cars
The devices affected are the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series from Samsung, the S16, S15, S6, X70, X60 and X30 from Vivo, the Google Pixel 6 and 7 and finally cars equipped with the Exynos Auto T5123 chip. According to its usual policy, Google informed Samsung and waited 90 days before publishing a report on the flaws to give the manufacturer time to create a fix. However, given the severity, the researchers have not given more information on the first four flaws at this time, and have only published the details of four of the remaining 14 flaws which have also passed the 90-day deadline.
Google has already released a fix for the Pixel 6 and 7, so there’s a rush to update your device if you haven’t already. For other devices, it will be necessary to wait for the manufacturer to publish its own patch. Until then, researchers advise disabling Wi-Fi Calling and 4G Calling (or Voice over LTE) in Android’s settings.