Several security vulnerabilities were uncovered by Google’s Project Zero team in Samsung Galaxy smartphones, enabling hackers to target devices with ease. Merely having the victim’s phone number would suffice for a hacker to compromise the phone secretly, without the user being aware of any abnormalities.
Google’s Project Zero team says:
Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction and require only that the attacker know the victim’s phone number.
The team believes that with minimal research and development, experienced attackers could promptly create a working exploit to compromise affected devices remotely and without detection.
Here are the devices that are affected at the moment:
- Samsung: S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series.
- Vivo: S16, S15, S6, X70, X60 and X30 series
- Google: Pixel 6 and 7 series
- All wearables using Samsung’s Exynos W920 chip and vehicles using the Exynos Auto T5123 chipset.
It seems that the problem is limited to devices that use Exynos chipsets, or SoCs based on Samsung’s chip design. The new Galaxy S23 series exclusively uses Qualcomm Snapdragon processors and hence it is safe from vulnerability. Google Pixel 6 and 7’s Tensor chips are based on Samsung’s chip design and some Vivo phones also use Exynos processors.
However, this is only speculation on our part and the security flaw may have to do with something else entirely, so take this info with a grain of salt.
Samsung is aware of the problem and is working on a fix already. Until then, Google has found a temporary solution to the issue. The search engine giant says that users can protect themselves by turning off Wi-Fi calling on their smartphones.
To turn off Wi-Fi calling, head over to the phone’s settings and then Connections > WiFi calling. Turn the feature off by tapping the toggle option. On some phones, you can also find the setting in the quick settings panel.