Google is alerting users of certain Samsung, Vivo, and Pixel phones about a variety of flaws that allow criminals to hack devices just by knowing phone numbers. In a blog post, Project Zero, Google’s team of cybersecurity analysts and specialists, listed 18 separate possible flaws in some phones utilizing Samsung Exynos processors. However, these exploits are sufficiently dangerous that they should be considered zero-day vulnerabilities.
In order to access data streaming in and out of a device’s modem, such as phone calls and text messages, an attacker simply needs the appropriate phone number for four of these attacks. Although it takes more work to reveal the vulnerability of the other 14 attacks, they are less concerning. To exploit the device an attacker would need access to the device locally or to access the device carrier’s systems.
MAKE SURE TO READ: Samsung crafting custom CPU core for smartphones
Although it is up to the smartphone manufacturers to choose when a software patch will be released for each device, owners of concerned handsets should install impending security upgrades as soon as feasible. You may avoid becoming the victim of these attacks, by disabling Wi-Fi calling and Voice-over-LTE, or VoLTE, in your device settings, according to Google. Moreover, Google also disclosed that its high-end Pixel phones have been utilizing Samsung’s modems for years when it specified which phones utilize Exynos modems.
Following smartphones are affected – the Samsung Galaxy S22 series, the Galaxy M33, M13, M12, A71 and A53 series, A33, A21, A13, A12 and A04 series. On the other hand, Vivo includes the S16, S15, S6, X70, X60, and X30 series. Plus, the Pixel 6 and Pixel 7 series are also affected.
Subsequently, In late 2022 and early 2023, according to the blog post, Google informed the impacted phone makers of the exploit discovery. However, the Project Zero team has decided against following its custom of revealing all exploits a certain amount of time after reporting them to impacted firms for four more vulnerabilities out of prudence due to their continued seriousness.
We recommend the affected device, maintain the security of their data and personal information, users should exercise caution and make sure to upgrade their devices as soon as possible to the most recent software versions.