Google’s Project Zero Lab has discovered 18 security flaws, including four very serious ones, in smartphones with certain Samsung Exynos modems.
If Google is the publisher of Android and, as such, a privileged partner of smartphone manufacturers, this does not prevent the firm from raising the alert in case of security vulnerabilities identified by the devices of Android smartphone brands. The firm even has its own cybersecurity laboratory, Project Zero, which launched the alert on Thursday, March 16, about 18 security flaws related to Samsung modems.
In detail, the Project Zero lab claims to have detected these vulnerabilities in several Exynos modems designed by Samsung. These modems are not only used in the smartphones of the Korean manufacturer, but also in those of Vivo and even in those of Google. Project Zero indicates that the affected products are:
- samsung galaxy s22
- Samsung Galaxy M33, M13 and M12
- Samsung Galaxy A71, A53, A33, A21, A13, A12, A04
- I live X70, X60, X30
- I live S15, S16, S6
- Google Pixel 6 and Pixel 7
- Watches with the Exynos W920 chip
On this last point, it should be noted that the W920 SoC for connected watches is used in the Galaxy Watch 4 and Galaxy Watch 4 Classic, but also in the Galaxy Watch 5 and Galaxy Watch 5 Pro.
Four especially serious flaws
While some of the vulnerabilities highlighted by Project Zero are not particularly dangerous, others are considered more concerning. Four of them would allow remote code execution:Testing by Project Zero confirms that these four flaws allow an attacker to remotely compromise a phone without any user interaction and only need to know the victim’s phone number».
According to the Google lab, these flaws could be used by experienced hackers who want to discreetly access a user’s data without the user noticing.
As is the case with most security vulnerabilities, Project Zero has warned the manufacturers of the various compromised smartphones. Several security patches are due to be deployed in the coming weeks. In addition, the laboratory specifies that Google’s Pixel 6 and 7 have already received security patches to close these vulnerabilities. To protect themselves while awaiting patch deployment, the cybersecurity lab also encourages users of affected smartphones to disable Wi-Fi or 4G (VoWiFi and VoLTE) calling.
Do you want to join a community of enthusiasts? Our Discord welcomes you, it is a place of mutual help and passion for technology.