Links on Android Authority may earn us a commission. Learn more.
Google says Exynos chip flaw puts several phones at security risk (Updated)
- Google’s Project Zero has found 18 active vulnerabilities on Samsung’s Exynos modems.
- Four of those vulnerabilities can give hackers access to your phone by simply knowing your phone number.
- Affected devices using the unsafe Exynos modems include the Galaxy S22 series and several other phones.
Update: March 20, 2023 (11:07 PM ET): Google has rolled out the March 2023 security patch for the Pixel 6, Pixel 6 Pro, and Pixel 6a. This means that the phones are no longer exposed to the security risks posed by affected Exynos chips.
Original article: March 17, 2023 (12:38 AM ET): Google’s Project Zero security research team has posted a blog highlighting active vulnerabilities in Samsung’s Exynos modems. Four of the 18 reported security issues with the Samsung chips in question are severe and could give hackers access to your phones with just the help of your phone number.
Security researchers usually don’t disclose vulnerabilities until after they are resolved. However, it seems Samsung has been dragging its feet on the issue. Project Zero researcher Maddie Stone tweeted (via TechCrunch) that “end-users still don’t have patches 90 days after the report.”
According to researchers, the following phones and other devices, including vehicles, can be compromised if hackers were to exploit the at-risk Exynos chips:
- Samsung Galaxy S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series.
- Vivo S16, S15, S6, X70, X60 and X30 series.
- The Pixel 6 and Pixel 7 series.
- Any vehicles that use the Exynos Auto T5123 chipset.
Notably, Google has patched the issues in its March security update for Pixel 7 series. However, the update still hasn’t reached the Pixel 6, Pixel 6 Pro, and Pixel 6a, which means these phones aren’t currently safe from hackers capable of exploiting the specified internet-to-baseband remote code execution vulnerability.
“With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely,” Project Zero noted in its report.
How can you protect yourself?
While we await Samsung and other vendors to resolve the issues affecting the Exynos chips, Google recommends you turn off Wi-Fi calling and Voice-over-LTE (VoLTE) on the affected devices. You should also keep an eye out for any upcoming security updates and grab them as soon as possible.