Unless Samsung updates its modems, Google warns that hackers could steal your phone silently
Project Zero has found a series of vulnerabilities in Samsung modems that could allow an attacker to remotely compromise a phone without user interaction.
Google's March security update should address the issue, but it is not available for the Pixel 6, 6 Pro, and 6a yet. The researchers believe the following devices may be at risk: Samsung, Vivo, wearables, and vehicles which includes.
- Samsung mobile phones from the Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12, and A04 series are examples.
- Vivo's smartphones, including the S16, S15, S6, X70, X60, and X30 series
- any wearables powered by the Exynos W920 processor
- any automobiles equipped with Exynos Auto T5123 chips
Project Zero has found 18 vulnerabilities in Samsung modems, including four that allow "Internet-to-baseband remote code execution" and four that require "either a malicious mobile network operator or an attacker with local access to the device."
If you know your phone uses one of the vulnerable modems, and you're concerned about it being exploited, you can protect yourself by turning off Wi-Fi calling and Voice-over-LTE. Security researchers typically hold off on reporting a bug until a fix is either readily available or until it has been a predetermined period of time since they first reported it with no sign of a fix.
When The Verge asked Samsung for comment on why there doesn't seem to be a patch yet, Samsung didn't respond right away.
Via Verge