This is obviously a big problem, but not all hope is lost, as it is definitely fixable. The big question is when a fix for all affected devices will arrive. Here’s everything you need to know about the vulnerability and what you can do to keep your smartphone safe.
Why Samsung and Pixel phones are at risk
The report from Project Zero says the vulnerabilities stem from Exynos modems made by Samsung Semiconductor. According to tests conducted by Project Zero, affected devices could be compromised simply by the attacker knowing the victim’s phone number. Due to the severity of the problem, Project Zero believes that “skilled attackers would quickly be able to create an operational exploit to compromise affected devices silently and remotely.”
Because of the amount of sensitive information stored on smartphones, this can become a major problem if not dealt with immediately. Project Zero found 18 vulnerabilities in the Exynos modems, but luckily only four of them are of the serious kind described above. The other 14 are described as “not as serious as they require either a malicious mobile network operator or an attacker with local access to the device.”
Which Samsung and Pixel phones are affected?
The unfortunate part of the vulnerability is that Project Zero lists more than 20 devices that are at risk. According to their findings, users with the following devices may be at risk of one of the 18 vulnerabilities:
- Samsung mobile devices including those in the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series
- Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series
- Pixel 6, Pixel 6a, Pixel 6 Pro, Pixel 7 and Pixel 7 Pro
- All vehicles using the Exynos Auto T5123 chipset
Galaxy owners will notice that the Galaxy S21 and Galaxy S23 lines are absent from the list because they use Qualcomm modems. The affected S22 models should be only those in selected European and African countries, as S22 devices in the rest of the world also use the Qualcomm modem.
How to keep yourself safe
While things may look bad at the moment for devices using the Exynos modem, there are some things that owners can do to keep their phones safe. The first is to turn on automatic updates for all potentially affected devices. Once turned on, the phone will receive security patches as soon as they go live. Google has already started focusing on fixing the problem, reporting that its March security update should fix any issues with its hardware.
What about Samsung? In response to these security concerns, Samsung gave Digital Trends the following statement:
“Samsung takes the security of our customers very seriously. After determining 6 vulnerabilities that could potentially affect select Galaxy devices, none of which were ‘serious’, Samsung released security patches for 5 of these in March. Another security patch will be released in April to address the remaining vulnerability.”
“As always, we recommend that all users keep their devices updated with the latest software to ensure the highest possible level of protection.”
While device owners wait for fixes, Project Zero has some suggestions for what they can do to minimize their risks, including disabling Wi-Fi calling and voice-over-LTE (VoLTE). This will potentially degrade the sound quality of your phone calls, but the alternative of remaining at risk is much worse. Other than tweaking these two settings, there isn’t much else that can be done as we all wait for the potential fixes to go live.