Android phones from Samsung and Google contain vulnerabilities that could allow hackers to hijack the handsets.
The issue stems from the Samsung modems found inside the phones, and impacts popular models such as Google’s Pixel 6 and Pixel 7, and Samsung’s Galaxy S22 and A53 phones.
According to security researchers at Google, a range of Samsung Exynos modems have a total of 18 vulnerabilities, with the most severe among them enabling “an attacker to remotely compromise a phone at the baseband level with no user interaction”.
Worse still, all a hacker would need to take over the affected phones is your phone number.
However, there are steps you can take to protect your device, including downloading a security update. If that isn’t available on your phone, you can also turn off certain functions to keep hackers at bay.
Read on to find out if your phone is susceptible to attacks, and the features you need to disable to secure it.
What devices are affected by the Samsung Exynos bugs?
Google’s Project Zero security intel team claims the following products are affected by the vulnerabilities.
- Mobile devices from Samsung, including those in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series
- The Pixel 6 and Pixel 7 series of devices from Google
- Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series
- Any wearables that use the Exynos W920 chipset (which include the Galaxy Watch 4 and 5)
- Any vehicles that use the Exynos Auto T5123 chipset.
How to protect your phone
At least one of the major vulnerabilities has been fixed with a March security update for Pixel phones, according to Google. But, as 9to5Google notes, that update (which arrived on Monday, March 13) isn’t available for the Pixel 6, 6 Pro, and 6a yet.
Google is advising those who can’t access the March security update to turn off Wi-Fi calling and Voice-over-LTE (VoLTE) functions in their device settings. “Turning them off will remove the exploitation risk of these vulnerabilities”, Google said.
You can find these options in the settings on your phone under “network and internet” or “connections”.
What has Samsung said?
Samsung told the Evening Standard that six vulnerabilities were found to affect its devices, and “none of them were severe”. Five of these vulnerabilities were addressed in a March security update. Samsung will release another security patch in April to address the remaining vulnerability.
“As always, we recommend that all users keep their devices updated with the latest software to ensure the highest level of protection possible,” a Samsung spokesperson said.