Google is warning owners of devices with Exynos modems, which are built into Samsung, Vivo and Pixel phones. Project Zero, its dedicated cybersecurity lab, has reported 18 zero-day vulnerabilities. Four of them can allow an attacker to take control of a device using nothing more than its owner's phone number.
We learn this from a blog post by Tim Willis, who leads the Project Zero team at Google.
He explains that his team found no fewer than 18 zero-day vulnerabilities in Exynos modems made by Samsung.
As a reminder, a zero-day vulnerability is a flaw that had not been identified before, so no patch exists for it when it is found.
The risks of these vulnerabilities
Four of these vulnerabilities put devices equipped with Exynos modems at high risk. They are tracked as CVE-2023-24033.
Tim Willis explains that they can allow an attacker to take control of a device with remarkable ease.
Project Zero testing confirms that these four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level without user interaction, and the attacker only needs to know the victim’s phone number. We believe that experienced attackers with limited additional R&D would be able to quickly create a working exploit to silently and remotely compromise affected devices.
Samsung and Pixel devices affected
Project Zero’s blog post lists the devices affected by these Exynos modem bugs:
- Vivo S16
- Vivo S15
- Vivo S6
- Vivo X70
- Vivo X60
- Vivo X30
- Pixel 6
- Pixel 6 Pro
- Pixel 7 Pro
- Samsung Galaxy S22
- Samsung Galaxy M33
- Samsung Galaxy M13
- Samsung Galaxy M12
- Samsung Galaxy A71
- Samsung Galaxy A53
- Samsung Galaxy A33
- Samsung Galaxy A21s
- Samsung Galaxy A13
- Samsung Galaxy A12
- Samsung Galaxy A04
- Vehicles with the Exynos Auto T5123 chip
How to fix these vulnerabilities
Google has started rolling out security patches, starting with Pixel device owners. In their case, installing the March 2023 update from the System tab in Settings is enough to fix the risk.
With Samsung and Vivo devices, it’s up to these companies to offer their own security patch, and Google can’t say exactly when they will.
Nevertheless, a quick reaction from these two manufacturers can be expected.
Until the update arrives, Google recommends that Samsung and Vivo device owners turn off Wi-Fi calling and Voice-over-LTE (VoLTE) calling through their device settings. For this we have to:
Finally, if you click on the malicious link anyway, it goes without saying that having an antivirus program will drastically reduce your chances of falling into the trap. It can identify and block the threat before it takes root on your computer.
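The fix guidance above, applied to a phone inventory, as an added example that is not code from Google, Project Zero or the original article: listed Pixels are checked for the March 2023 update, while listed Samsung and Vivo models get the interim mitigation whatever their patch level. The CSV layout, the function names and the 2023-03-01 patch-level cut-off are assumptions, and vehicles with the Exynos Auto T5123 are left out.

```python
import csv
import io
from datetime import date

# Models from the article's list, grouped by how the article says they get fixed.
PIXEL = {"Pixel 6", "Pixel 6 Pro", "Pixel 7 Pro"}
VENDOR_PENDING = {
    "Vivo S16", "Vivo S15", "Vivo S6", "Vivo X70", "Vivo X60", "Vivo X30",
    "Samsung Galaxy S22", "Samsung Galaxy M33", "Samsung Galaxy M13",
    "Samsung Galaxy M12", "Samsung Galaxy A71", "Samsung Galaxy A53",
    "Samsung Galaxy A33", "Samsung Galaxy A21s", "Samsung Galaxy A13",
    "Samsung Galaxy A12", "Samsung Galaxy A04",
}
# Assumption: the March 2023 update reports a patch level of 2023-03-01 or later.
PIXEL_FIXED_FROM = date(2023, 3, 1)

def _norm(model):
    """Match models ignoring case and spaces, so 'Pixel6' equals 'Pixel 6'."""
    return "".join(model.split()).lower()

_PIXEL = {_norm(m) for m in PIXEL}
_PENDING = {_norm(m) for m in VENDOR_PENDING}

def triage(inventory_csv):
    """Return {device_id: action} for rows of 'device_id,model,patch_level'."""
    result = {}
    for dev, model, patch in csv.reader(io.StringIO(inventory_csv.strip())):
        key = _norm(model)
        if key in _PENDING:
            # No vendor patch date is known, so the mitigation applies regardless.
            result[dev] = "disable Wi-Fi calling and VoLTE until vendor patch"
        elif key in _PIXEL:
            try:
                patched = date.fromisoformat(patch.strip()) >= PIXEL_FIXED_FROM
            except ValueError:
                patched = False  # unreadable patch level: treat as unpatched
            result[dev] = "ok" if patched else "install March 2023 update"
        else:
            result[dev] = "not on the article's list"
    return result

# Constructed sample inventory (not real devices).
SAMPLE = """\
ph-01,Pixel 6 Pro,2023-02-05
ph-02,Pixel 7 Pro,2023-03-05
ph-03,Samsung Galaxy A53,2023-03-01
ph-04,Pixel6,unknown
ph-05,Samsung Galaxy S21,2023-02-01
"""
```

Calling `triage(SAMPLE)` returns one action per device ID; a Pixel whose patch level cannot be parsed is reported as needing the update rather than silently passing.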