Android

these Android phones contain a serious flaw, according to Google

Project Zero, Google’s security research team, has found a number of major vulnerabilities in Samsung modems. Those modems can be found in many popular Android phones.

These Android phones are at risk

Project Zero security researchers have found a series of zero-day vulnerabilities in several Exynos modems. In a blog post, Google explains that these vulnerabilities allow criminals to remotely penetrate a phone without the user knowing. This gives them access to mobile calls, text messages and mobile data, among other things. The criminals don’t need much more than the victim’s phone number for this. And, frustratingly, it seems Samsung is struggling to fix it.

The Samsung Galaxy S23 series is therefore not at risk. These phones came with a Snapdragon chipset in Europe. The Samsung Galaxy A53 and the Galaxy S22 series do run on an Exynos chipset and these phones may therefore be at risk. The Samsung Galaxy S21 series is not mentioned in the list, while it does have an Exynos. According to Samsung, this series has a different modem. The security researchers list the following phones in the blog post:

  • Samsung smartphones such as the Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04
  • Vivo smartphones such as the S16, S15, S6, X70, X60 and X30 series
  • Google smartphones: Pixel 6 and Pixel 7 series
  • All wearables that have an Exynos W920 chipset
  • All cars that have an Exynos Auto T5123 chipset

March security update

Project Zero says you can protect yourself by turning off Wi-Fi calling (VoWifi) and 4G calling (VoLTE). It’s even better to get the latest March security update. Project Zero indicates that the March security update should fix the problem for Pixel phones. Although this patch is not yet available for the Pixel 6, the Pixel 6 Pro, and the Pixel 6a.

Security researchers usually wait for a fix before publishing the vulnerabilities they find. It is also possible to publish the report if a solution is not yet in sight. It seems that it is the latter case here. Project Zero researcher Maddie Stone tweeted that “end users still don’t have patches 90 days after the report.” Samsung and other smartphone makers must therefore quickly come up with a patch.

=https://twitter.com/maddiestone/status/1636469657136959488″ data-service=”twitter”>

Project Zero

Google’s Project Zero was created in 2014 with the aim of providing every user with a safe internet experience. It is a team composed of Internet security researchers.

Related articles

Leave a Reply

Your email address will not be published. Required fields are marked *