Google’s security research team has discovered some major vulnerabilities in Pixel and Samsung Galaxy phones that you’ll want to protect against as soon as possible.
The issues were discovered in Exynos modems produced by Samsung, which are used by a variety of smartphones, including the Google Pixel 6, Google Pixel 7 and Galaxy S22, among others.
As revealed in the Project Zero team's blog post, people using a device that relies on this chip will want to disable Wi-Fi calling and Voice-over-LTE in their device’s settings to protect themselves until a security patch is released. The affected devices are:
- Samsung S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series phones
- Vivo S16, S15, S6, X70, X60 and X30 series phones
- Google Pixel 6, Pixel 6 Pro, Pixel 6a and Pixel 7 phones
- any wearables with the Exynos W920 chipset
- any vehicle using the Exynos Auto T5123 chipset
However, not all versions of all devices are affected. For example, the European Samsung Galaxy S22 uses a vulnerable Exynos modem, but the US version does not. But for other devices, like the A53, all versions of this phone use the vulnerable Exynos 1280.
So before disabling Wi-Fi Calling and Voice-over-LTE, you might want to verify that your exact model is indeed impacted using official information from Samsung.
How can you protect your phone?
For its part, Google says the March 2023 security update that rolled out to the Pixel 6 and Pixel 7 phones should fix these issues.
In a statement we received, Samsung told us that it takes the security of its customers seriously and that it released a patch this month for five of the six vulnerabilities affecting certain Galaxy devices. Another security patch will arrive in April to address the remaining vulnerability, so make sure your device is up to date if you want it protected.
In the meantime, you can protect yourself by going to your phone’s settings. Using the search option, search for “Wi-Fi Calling” and you will see a toggle to turn it on or off in the Connections submenu. If you want your Samsung phone to be secure, you’ll want to turn it off, but then you’ll lose access to the feature until you turn it back on.
To disable Voice-over-LTE, return to the Connections menu and this time tap on Mobile networks. You should then see a new list of options with toggles next to “VoLTE calls SIM 1” and “VoLTE calls SIM 2” (although the second option only appears if you have two SIM cards installed). Disable the toggles and that should mean your phone is protected from the vulnerabilities discovered by Project Zero.
Disabling these features means your calls will be lower quality, but you should still be able to make calls.
Analysis: Why reveal these flaws?
If these flaws pose serious risks to our devices, why would Google Project Zero reveal them? Wouldn’t it be better to keep them private so hackers don’t know they exist?
Project Zero keeps serious exploits confidential by only sharing them with affected device manufacturers to ensure they are not abused by bad actors. But for other security vulnerabilities, it may be best to keep a wider network of people in the know.
On the one hand, there is a way for us to protect ourselves against attacks that take advantage of these vulnerabilities: until a fix is deployed, you can disable Wi-Fi calling and Voice-over-LTE as we explained above. On the other hand, these exploits might not be too difficult to discover, so by keeping them hidden from the public, Project Zero runs the risk of leaving ordinary people in the dark while hackers run rampant.
Finally, the revelation of the issues should encourage device manufacturers to roll out a fix as soon as possible. Now, not only is Google’s Project Zero team pressing them to fix the problem, but device owners can also use official forums and contact forms to ask their phone manufacturer to fix the problem.