Be careful if you have a Samsung, Vivo or Google smartphone! Serious security flaws have been identified on popular models, some allowing sensitive data to be recovered with a simple phone call!

Be careful if you have Samsung, Vivo or Google devices! Project Zero, Google's team of security researchers, has announced in a press release that it discovered no fewer than 18 vulnerabilities affecting the modems of Samsung Exynos chips. These are so-called zero-day flaws, which have not been published and which therefore do not yet have a patch. This component is found in some Samsung smartphones, but also in Google Pixel phones, many Vivo smartphones, connected watches, and even cars, to give them a 5G connection.

Exynos flaws: unpatched vulnerabilities

While most of the flaws are not very worrying, four of them are particularly critical. Indeed, “we believe that skilled attackers would be able to quickly create a working exploit to compromise affected devices silently and remotely”, Project Zero fears. In plain terms, the hacker only needs to know the victim’s phone number and call it to steal sensitive data and take control of the device. The other flaws are not as serious, as they require “either a malicious mobile network operator or an attacker with local access to the device”. Here is the list of vulnerable devices:

  • Samsung Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 smartphones;
  • Vivo S16, S15, S6, X70, X60 and X30 smartphones;
  • Google Pixel 6 and Pixel 7 smartphones;
  • Connected watches equipped with the Exynos W920 chip: Galaxy Watch 4, Galaxy Watch 4 Classic, Galaxy Watch 5 and Galaxy Watch 5 Pro;
  • Vehicles equipped with the Exynos Auto T5123 chip.

To avoid any risk, Tim Willis, the head of Google’s Project Zero, urges users to “update their devices as soon as possible, to ensure they are using the latest versions that fix disclosed and undisclosed security vulnerabilities”. This advice applies not only in this particular case but in general. According to the Project Zero team, Google has already fixed the problem for the affected smartphones with the March 2023 security patch. Samsung and Vivo, on the other hand, still do not seem to have reacted, even though some problems were reported more than 90 days ago…

To give manufacturers time to develop their security patches, the researchers leave a three-month period between reporting flaws and disclosing more precise technical details. To protect users and avoid handing cybercriminals a way to hack into devices (that would be the last thing anyone needs!), Project Zero has decided to withhold the details of 4 particularly serious vulnerabilities. The team has warned, however, that they will be revealed in the coming weeks, whether or not the affected companies issue patches to their users.

If you own one of the devices mentioned above and no security patch has been offered, there is a temporary way to protect yourself: disable Wi-Fi calling and VoLTE (a technology that allows calls to be made directly over the LTE/4G mobile network) in your device settings. However, this may reduce the quality of your calls and increase call setup time. Finally, stay tuned for future updates and security patches.
