Google’s Project Zero lab has discovered 18 security flaws, including four very serious ones, in smartphones with certain Samsung Exynos modems.
Although Google publishes Android and is, as such, a privileged partner of smartphone manufacturers, that does not stop the firm from raising the alarm when security vulnerabilities are identified in the devices of Android smartphone brands. The firm even has its own cybersecurity laboratory, Project Zero, which issued an alert on Thursday, March 16, about 18 security flaws related to Samsung modems.
Specifically, Project Zero says it found these vulnerabilities in several Exynos modems designed by Samsung. These modems are used not only in the Korean manufacturer's own smartphones, but also in those of Vivo and even Google. Project Zero indicates that the affected products are:
- Samsung Galaxy S22
- Samsung Galaxy M33, M13 and M12
- Samsung Galaxy A71, A53, A33, A21, A13, A12, A04
- Vivo X70, X60, X30
- Vivo S15, S16, S6
- Google Pixel 6 and Pixel 7
- Watches with the Exynos W920 chip
On this last point, it should be noted that the W920 SoC for connected watches is used in the Galaxy Watch 4 and Galaxy Watch 4 Classic, and also in the Galaxy Watch 5 and Galaxy Watch 5 Pro.
Four particularly serious flaws
While some of the vulnerabilities highlighted by Project Zero are not particularly dangerous, others are considered more worrying. Four of them would allow remote code execution: “tests conducted by Project Zero confirm that these four flaws allow an attacker to compromise a phone remotely without any user interaction and only needing to know the victim’s phone number”.
According to the Google laboratory, these flaws could thus be used by experienced hackers who would like to discreetly access a user’s data without the user even realizing it.
As is the case with most security vulnerabilities, Project Zero has warned the manufacturers of the various affected smartphones. Various security patches should be deployed in the coming weeks. In addition, the laboratory specifies that Google’s Pixel 6 and 7 have already received security patches to close these vulnerabilities. To protect themselves while waiting for the patches to be deployed, the cybersecurity laboratory also encourages users of the smartphones concerned to disable calling over Wi-Fi or 4G (VoWiFi and VoLTE).