The famous security research team at Google, Project Zero, has published a report on a series of security vulnerabilities found in Samsung’s Exynos modem chips.
Out of a total of 18 such vulnerabilities, as many as 4 are classified as critical when they can allow hackers to access your phone just by knowing your phone number. From there, hackers can access sensitive data, control the device remotely, or compromise the device and users.
It affects a wide range of Android devices from both Samsung and Google, as well as other devices that use Exynos modem chips.
It should be noted that at the time the security team released the information, these vulnerabilities had not yet been patched. Normally, security researchers will not publish vulnerabilities until they are patched. But Samsung seems to be very slow to deal with these issues.
Project Zero Security researcher Maddie Stone tweeted:End users still haven’t received the patch 90 days after the issue occurred. “
The following are the devices affected by this vulnerability. The largest number is Samsung phones such as Galaxy S22, M33, M13, A71, A53, A33, A21, A13, A12, and A04. Vivo phones include Vivo S16, S15, S6, X70, X60, and X30. New Google phones including the Pixel 6 and Pixel 7 also suffer from this vulnerability.
Not just phones, these vulnerabilities are also present on wearable devices that use Exynos W920 chipset and also vehicles with Exynos Auto T5123 chipset.
Currently, Google has released the patch for this vulnerability in the March security update for Pixel 7 series devices. But this update has not yet appeared on devices like the Pixel 6, 6 Pro, and 6a, which means that these phones are not currently safe from possible hacker attacks. The vulnerability is exploited to carry out remote attacks over the Internet.
The Project Zero team report says:As research continues to evolve, we believe qualified hackers can quickly create dangerous exploits to attack affected devices remotely and silently.. “