Google Issued an Alarm: Skilled Hackers can access your mobile without your intervention

Google’s security research unit is sounding the alarm on a set of vulnerabilities it found in Samsung’s Exynos modems chips included in dozens of Android models, wearables and vehicles. There is a total of 18 Zero-day vulnerabilities found over the last few months and reported directly to the manufacturers of device makers. Most vulnerabilities are still not patched by the device manufacturers.

Out of 18 Zero-Day vulnerabilities, four were found to be very dangerous where skilled hackers can remotely access the devices without any help/support/clicking by the users. Details of vulnerabilities are still not shared in public domain but Nation-State and High-end organised criminals can exploit these vulnerabilities, where flaws that could compromise affected devices “silently and remotely” over the cellular network.

By gaining the ability to remotely run code at a device’s baseband level — essentially the Exynos modems that convert cell signals to digital data — an attacker would be able to gain near-unfettered access to the data flowing in and out of an affected device, including cellular calls, text messages, and cell data, without alerting the victim.

Google said the remaining 14 vulnerabilities were less severe since they required either access to a device or have insider or privileged access to a cell carrier’s systems

Which devices are vulnerable?

Samsung mobile devices, including the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series;
Vivo mobile devices, including those in the S16, S15, S6, X70, X60 and X30 series;
Google Pixel 6 and Pixel 7 series;
Connected vehicles that use the Exynos Auto T5123 chipset.

How to protect?

Until affected manufacturers push software updates to their customers, Google said users who wish to protect themselves can switch off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings, which will “remove the exploitation risk of these vulnerabilities.”