Samsung's Exynos modems are vulnerable to multiple security flaws, reports Google

Samsung's Exynos chipsets for smartphones contain multiple security flaws, which hackers can exploit easily.

These vulnerabilities are serious enough for Project Zero to recommend that people using Samsung's Exynos- based devices turn off Wi-Fi calling and Voice-over-LTE (VoLTE) to keep safe till a patch is available.

Affected devices also include smartphones from Vivo, Pixel 6 and Pixel 7 from Google, all wearables that use the Exynos W920 chipset and vehicles that use the Exynos Auto T5123 chipset.

The problem is with the Exynos modems found within these chipsets, which allow "an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number".

Microsoft unveils AI office copilot in fast-moving race with Google Microsoft unveils AI office copilot in fast-moving race with Google

Out of the 18 vulnerabilities discovered so far, four are highly severe. The rest require a malicious mobile network operator or an attacker with local access to the device.

Project Zero said that patch timelines would vary from a manufacturer to the other. Google devices received a fix with the March 2023 security update, while the rest will be rolled out over time.

In the meantime, users of Samsung or Vivo smartphones with Exynos chipsets have been encouraged to turn off Wi-Fi calling and VoLTE.

Some of the phones affected include the S22 series, M33, M12, A71, A53, A33, A21, A13, A12 and A04. Smartphones from Vivo that have the flaw are the S16, S15, X70, S6, X60 and X30.