A new report from Google's internal security research group, Project Zero, claims that a list of devices using Exynos modems are at risk of serious security breaches that would easily allow remote users to "compromise the phone at the level of the base generation". The recently released Pixel 7 is particularly open to attack, as are the Pixel 6 and Samsung Galaxy S22, to name a few.
Of course, this is a serious problem, but hope is not lost, because the problem can definitely be fixed. The big question is when the fix will be available for all affected devices. Here's what you need to know about the vulnerability and what you can do to protect your smartphone
Why are Samsung and Pixel phones vulnerable?
Project Zero reports that the vulnerabilities come from Exynos modems made by Samsung Semiconductor. According to tests conducted by Project Zero, affected devices can be compromised simply by knowing the attacker's phone number. Because of the severity of the problem, Project Zero believes that "skilled attackers will be able to quickly develop an exploit to attack compromised devices silently and remotely."
Considering how much sensitive data is stored on smartphones, this can become a serious problem if not addressed immediately. Project Zero found 18 vulnerabilities in Exynos modems, but fortunately only four of them have the serious problems mentioned above. The other 14 are described as "less serious, requiring either a malicious mobile network operator or an attacker with local access to the device".
Which Samsung and Pixel phones are affected?
The unfortunate thing about the vulnerability is that Project Zero lists over 20 devices that are vulnerable. According to their findings, users with the following devices may be at risk of 18 vulnerabilities:
- Samsung mobile devices including S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series
- Mobile devices from Vivo including S16, S15, S6, X70, X60 and X30 series
- Pixel 6, Pixel 6a, Pixel 6 Pro, Pixel 7 and Pixel 7 Pro
- Any car that uses the Exynos Auto T5123 chipset
Galaxy owners will notice that the Galaxy S21 and Galaxy S23 lines are missing from the list due to the use of Qualcomm modems. Affected S22 models should only be in certain countries in Europe and Africa, as S22 devices in the rest of the world also use Qualcomm modems.
How to protect yourself
While things may look bleak for devices using Exynos modems right now, there are things owners can do to keep their phones safe. The first is to enable automatic updates for every device that can be affected. If enabled, the phone will receive security patches as they become available Google has already started focusing on fixing the problem and says any hardware issues should be fixed with the March security update.
What about Samsung? In response to these security concerns, Samsung released the following statement to Digital Trends:
"Samsung takes the security of our customers very seriously. After discovering 6 vulnerabilities that could affect select Galaxy devices, none of which were "serious," Samsung released security fixes for 5 of them in March. Another in April to address remaining vulnerabilities. The security patch will be released.
"As always, we encourage all users to update their devices with the latest software to ensure the highest level of security."
While device owners wait for a fix, Project Zero has some suggestions for what they can do to reduce their risk, including disabling Wi-Fi and Voice over LTE (VoLTE) calling. This may damage the sound quality of your phone. Call, but the alternative to being in danger is much worse. Apart from adjusting these two settings, not much else can be done as we all wait for possible solutions to become available.
Post a Comment
Post a Comment