It is highly recommended to have our mobile devices updated to the latest version, both in terms of the operating system and the relevant security updates that are usually released on a fairly regular basis.
The problem arises when cybercriminals find some kind of vulnerability in our devices, and we still don’t have the security update available that avoids a possible risk for us.
And now, unfortunately, if you have a Google Pixel or a Samsung phone, you should be very careful, because Google’s bug-hunting team, known as Project Zero, has identified no fewer than 18 security vulnerabilities that affect Exynos modems, which could even give attackers full control over our mobile phone, XDA reports.
These vulnerabilities were discovered in late 2022/early 2023, and many of them are considered critical as they allow remote code execution using only the victim’s phone number.
The affected devices
Specifically, the affected mobile devices are the following:
- Samsung mobile devices, including those of the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series
- Vivo mobile devices including S16, S15, S6, X70, X60 and X30 series
- Google’s Pixel 6 and Pixel 7 series of devices
- Any phone using Exynos Auto T5123 chipset
Although this bug was fixed in the March security update, some of the devices above do not have it available yet, so you could be in danger.
Until the March security update is available on your device, the only thing you can do is to disable VoLTE and WiFi calling.
According to Google’s Project Zero, expert attackers could quickly create an operational exploit to compromise affected devices silently and remotely, meaning you could have your device compromised and not even know it.
Regarding the main vulnerability, CVE-2023-24033, its description says that “Affected baseband modem chipsets do not correctly verify format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service”.
The other 14 vulnerabilities (CVE-2023-26072, CVE-2023-26073, CVE-2023-26074, CVE-2023-26075, CVE-2023-26076, and nine others awaiting CVEs) are not as critical but still carry risks.
For successful exploitation, either a rogue mobile network operator or an attacker with local access to the device is required.
Thus, if you have any of the mobile phones listed above, and have not yet received the March security update, you should disable VoLTE and WiFi calling.
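For anyone managing more than one phone, the check described above can be run over a device inventory. The following is an added example, not code from Project Zero, XDA or any vendor; the inventory records and field names are constructed, and it assumes the "March security update" corresponds to an Android security patch level of 2023-03-01 or later.

```python
import re
from datetime import date

# Series and chipset named in the article, grouped by vendor.
AFFECTED_SERIES = {
    "samsung": ["S22", "M33", "M13", "M12", "A71", "A53", "A33", "A21s",
                "A13", "A12", "A04"],
    "vivo": ["S16", "S15", "S6", "X70", "X60", "X30"],
    "google": ["Pixel 6", "Pixel 7"],
}
AFFECTED_CHIPSET = "Exynos Auto T5123"
# Assumption: the "March security update" maps to this patch level.
FIXED_PATCH_LEVEL = date(2023, 3, 1)

def is_affected(dev):
    """True if the device matches the article's list (whole-token match)."""
    if AFFECTED_CHIPSET.lower() in dev.get("chipset", "").lower():
        return True
    series = AFFECTED_SERIES.get(dev.get("vendor", "").lower(), [])
    model = dev.get("model", "")
    return any(re.search(rf"\b{re.escape(s)}\b", model, re.I) for s in series)

def parse_patch_level(value):
    """Parse a YYYY-MM-DD patch level; None if missing or malformed."""
    try:
        return date.fromisoformat(value.strip())
    except (AttributeError, ValueError):
        return None

def triage(dev):
    if not is_affected(dev):
        return "not-listed"
    level = parse_patch_level(dev.get("patch_level"))
    if level is None:
        # Fail safe: an unknown patch level is treated as unpatched.
        return "mitigate-unknown-patch"
    return "patched" if level >= FIXED_PATCH_LEVEL else "mitigate"

# Constructed sample inventory (hypothetical devices and field names).
INVENTORY = [
    {"id": "dev-01", "vendor": "Samsung", "model": "Galaxy S22 Ultra", "patch_level": "2023-02-01"},
    {"id": "dev-02", "vendor": "Google", "model": "Pixel 7 Pro", "patch_level": "2023-03-05"},
    {"id": "dev-03", "vendor": "Vivo", "model": "X70 Pro", "patch_level": ""},
    {"id": "dev-04", "vendor": "Samsung", "model": "Galaxy S21", "patch_level": "2023-01-01"},
    {"id": "dev-05", "vendor": "Acme", "model": "Head unit", "chipset": "Exynos Auto T5123", "patch_level": "2022-12-01"},
]

def report(inventory):
    return {d["id"]: triage(d) for d in inventory}

if __name__ == "__main__":
    for dev_id, verdict in report(INVENTORY).items():
        print(dev_id, verdict)
```

Devices reported as `mitigate` or `mitigate-unknown-patch` are the ones where VoLTE and WiFi calling should be disabled until the update arrives.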