Recently, the Google Project reported 18 zero-day vulnerabilities in the Exynos Modem. Of these vulnerabilities, four were found to be critical. As this is a modem issue, vulnerabilities could exploit internet-to-baseband remote code execution. This would allow attackers to remotely compromise your device at the base level without user interaction.
What happens when you get @natashenka, @ifsecure, @_fel1x, @i41nbeer and @tehjh working collaboratively on a new attack surface for the team?
— Tim Willis (@itswillis) March 16, 2023
This: https://t.co/u6s6p8eNTr
The blogpost also includes actions that users can take to protect themselves while waiting for patches.
For this to happen, an attacker would need the device’s mobile number. The other 14 vulnerabilities require either a malicious mobile network operator or an attacker with local access to the device.
List of Devices Affected by Exynos Security Flaw
This flaw has affected the Exynos Modem used in Exynos 850, Exynos 1280 and Exynos 2200.
- Samsung S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series devices;
- Vivo S16, S15, S6, X70, X60 and X30 series devices;
- Google Pixel 6 and Pixel 7 series devices;
- Any wearable devices with the Exynos W920 chipset;
- Any vehicles with the Exynos Auto T5123 chipset.
Google has already rolled out a security update to all affected Pixel devices and the Pixel 6 is expected to receive this update by March 20. Here’s how you can protect your device until Samsung patches the Exynos security flaw: it is advised that users disable Wi-Fi calling and VoLTE (Voice-Over-LTE).
However for security concerns Google hasn’t disclosed all zero-day vulnerabilities. Samsung is working on an update which could be rolling out to affected devices quite soon.
Disable Wi-Fi Calling Settings might vary based on your OS,
- Open Device Settings and head over to Connections.
- Tap on Wi-Fi Calling. There you will have the option to toggle and disable Wi-Fi calling.
Once you have disabled Wi-Fi calling, you can proceed with disabling VoLTE (Voice-Over-LTE) on your device.
Disable Voice-Over-LTE (VoLTE)
- Open Device Settings and head over to Connections.
- From there, go to Mobile Network.
- Next, disable 4G Calls for your SIMs.
- It is recommended to use 3G/2G auto calls.
That’s all you can do for security measures to prevent your device from vulnerabilities. Hopefully, Samsung will start rolling out a patch update to fix this issue as soon as possible. Until then we hope this guide remains helpful for you. Thanks for being with us. We would like to know your valuable opinion and feedback. If there are any queries share them with us in the comment section down below. Stay tuned for more updates in the future.
