A range of smartphones running the Android platform, including high-end models like the Galaxy S22 or Pixel 7... all have serious security flaws that allow hackers to easily break into the devices.
Google's Project Zero security research team has discovered a series of serious security flaws in Samsung-developed Exynos modems, which are currently used in several smartphones and smart wearables from Samsung, Google, and vivo.
Project Zero said the team found a total of 18 security flaws in Exynos modems developed and produced by Samsung, four of which are extremely serious security flaws that allow hackers to execute malicious code. Remotely via the Internet. It's worth noting that hackers can easily exploit these security holes to break into a user's smartphone simply by knowing their phone number without directly interacting with the victim's device.
Except for 4 extremely serious vulnerabilities, the remaining 14 security vulnerabilities are not that serious. However, Project Zero emphasized that these security holes are not too difficult for professional hackers to exploit, and have now been exploited by hackers to attack users.
Project Zero has reported these security vulnerabilities to Samsung since the end of 2022, but so far, more than 90 days have passed, and Samsung has not released any patches to users. This suggests that the South Korean tech company appears to be having a lot of trouble patching the security flaws it has discovered.
Samsung products that currently have security vulnerabilities include the Galaxy S22 series (versions with Exynos chips, versions with Qualcomm chips are not affected); mid-range smartphones Galaxy M (Galaxy M12, M13, M33); Galaxy A series (A12, A13 , A21, A33, A53 and A71), budget smartphone Galaxy A04 and smartwatch duo Galaxy Watch 4/5 (LTE-capable version).
Vivo's smartphone series, including S6, S15, S16, X30, X60, and X70; Google's Pixel 6 and 7 smartphones are also among the products affected by the serious security flaw mentioned above.
In addition, smart wearable devices using the Exynos W920 chip and models equipped with the Samsung Exynos Auto T5123 chip also have unresolved security vulnerabilities.
Google said it would release a patch for its smartphone models in March this year, but Samsung and Vivo have yet to comment on the Project Zero announcement.
Only products using the Exynos modem mentioned in Project Zero have serious security vulnerabilities, while products using other types of Exynos modems and chips are still safe and have no problems.
People using vulnerable smartphones should temporarily disable calling over WiFi and 4G LTE networks while they wait for a patch to be released, Project Zero security experts said. This may affect call quality, but will keep the device safe from hacking and remote intrusion.