Google warns of some security holes on Android devices using Samsung chips

Tim Willis, head of Google Project Zero, said that the four most severe of the 18 were found. These vulnerabilities, both reported in late 2022 and 2023, allow attackers to remotely penetrate phones at the baseband level without user interaction. Intrusion is extremely easy when the attacker only needs to know the victim’s phone number.

See more: WARNING! Hackers using “fake” ChatGPT to spread malicious code on Android vs Windows

By gaining the ability to remotely run code at the baseband level of the device, which is essentially an Exynos modem that converts cellular signals into digital data, hackers will be able to gain near-innocent access. interfere with data on the victim’s device, including cell calls, text messages, and mobile data.

The remaining 14 vulnerabilities are not critical because they require access to the device or have internal or privileged access to the mobile carrier’s system.

Google also lists a number of Exynos chipset-powered devices that are likely to be affected by the vulnerabilities:

• Samsung phone series, including devices from the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series devices
• Vivo’s mobile devices, including devices from the S16, S15, S6, X70, X60 and X30 series devices
• Google’s Pixel 6 and Pixel 7
• Any watch with Exynos W920 chipset (including Galaxy Watch 4 and 5)
• Any vehicle using the Exynos Auto T5123 chipset.

The good news for users of affected Google Pixel lines is that they were patched in the March 2023 security update.

For users who have not yet received the update with the patch, Google recommends disabling Wi-Fi and VoLTE calling in device settings to eliminate the risk of exploiting these vulnerabilities.