Google warns of a number of serious vulnerabilities in smartphones from Samsung and Vivo, among others. The phones can be taken over undetected remotely due to the leaks.



Image © Samsung

Google researchers warn of a total of 18 problems in smartphone modems made by Samsung. Those Exynos modems are in Android phones from different brands, which can therefore be hacked unnoticed due to the vulnerabilities. Striking: Google has repaired the vulnerabilities in its own Pixel phones, but they are still present in other devices.

Four of the most serious vulnerabilities allow an unnoticed hack over the mobile network to anyone who has the victim's mobile number. "Tests confirm that the four vulnerabilities allow an attacker to remotely compromise a phone without user interaction. The only requirement is the victim's phone number," said lead researcher Tim Willis of the Google research group Project Zero.

Samsung


Unlimited access

The potential danger of the vulnerabilities is so great that a hacker would gain virtually unlimited access to a device's data streams. Phone calls, text messages and mobile data could be tapped unnoticed.

Google's announcement is striking. The company continuously looks for vulnerabilities, but normally only discloses them once they have already been fixed. However, Samsung does not seem to have responded to Google's report yet.

Project Zero employee Maddie Stone writes on Twitter that Samsung was warned 90 days ago about the vulnerabilities in its own modems.

A temporary solution

Although Samsung does not have an update yet, there is a simple emergency solution. Users must disable two settings in the phone settings of their device. These are Voice over LTE and Voice over Wi-Fi. Disabling those functions can be done without major drawbacks, and telephones will then remain mobile accessible.

Affected devices

The list of vulnerable devices includes many popular phones. Google lists Samsung devices as the Galaxy S22, A53, A33, A21s, A13, A12 and A03 and the M M33, M13 and M12. Samsung has not yet responded to Google's message. It is unknown when an update for the phones will appear.

Affected but now updated are the Google Pixel 6 and 7 phones, which have also been officially available in the Netherlands since last year.

Vulnerable Vivo devices are those in the S16, S15, S6, X70, X60 and X30 series. Furthermore, some wearables and cars with Exynos modems are also vulnerable. It is not clear which vehicles and wearables are involved and what the status is with the updates of those devices.