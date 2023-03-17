Buying Guides
by Review Geek

Browse All Buying Guides
How-to Geek Best Of Badge Award

Reader Favorites

8 Best Wireless Mechanical Keyboards
5 Best Places to Buy Vinyl Records Online
8 Best Hot Swappable Mechanical Keyboards
Apps to Share Your Location with Family
The 5 Best Trip Planning Apps
The Best Multi-Device Mice and Keyboards for Power Users
7 LEGO Alternatives That Still Work With LEGO Bricks

More from Review Geek

Browse All Buying Guides
Browse All Latest News

Review Geek Editorials

Why Everyone Needs to Stock up on Power Banks
I Switched to a Galaxy S21 and I Hate It
I Tried Carvana: It Was Worse Than The Dealer
Why We Can't Recommend Wyze or eufy Cameras
Don't Buy an Electric Riding Lawn Mower
Don't Buy This Fake 16TB Portable Hard Drive
You Don't Really Ever Own an EV

More from Review Geek

Browse All Reviews
Browse All Buying Guides
How-to Geek Editor Choice Badge Award

Across LifeSavvy Media

FROM LIFESAVVY
Grelife 24in Oscillating Space Heater Review: Comfort and Functionality Combined
VCK Dual Filter Air Purifier Review: Affordable and Practical for Home or Office
FROM HOW-TO GEEK
Yubico Yubikey 5Ci Review: Secure Your Data Across Devices
Bitwarden Password Manager Review: A Very Cost-Friendly Option
We select and review products independently. When you purchase through our links we may earn a commission. Learn more.
X
Popular Searches
News

Google Warns of “Severe Vulnerability” on Pixel and Samsung Galaxy Devices

A patch is already available for the Pixel 7, thankfully.

Andrew Heinzman
Andrew Heinzman
News Editor

Andrew is the News Editor for Review Geek, where he covers breaking stories and manages the news team. He joined Life Savvy Media as a freelance writer in 2018 and has experience in a number of topics, including mobile hardware, audio, and IoT. Read more...

About Review Geek
@andrew_andrew__
| 1 min read
Google Pixel 6 Pro and Pixel 6 in-hand
Justin Duino / Review Geek

Devices that utilize Samsung Exynos modems may be an easy target for hackers. In a new report, Google’s Project Zero team identified 18 zero-day vulnerabilities in recent Exynos modems. Google suggests disabling Wi-Fi calling and VoLTE on affected devices, though most users cannot disable these settings.

Only four of the vulnerabilities identified by Project Zero are of immediate concern. According to Project Zero, these vulnerabilities may enable internet-to-baseband remote code execution. While the details are a bit unclear, Project Zero claims that hackers can exploit these vulnerabilities using only a victim’s phone number. (The other 14 vulnerabilities require a “malicious mobile network operator or an attacker with local access to the device.”)

Project Zero first reported these vulnerabilities in late 2022. Google included a patch in the Pixel 7’s March update (which you should install if you haven’t already), but as Project Zero’s Maddie Stone notes, most devices are still unpatched.

Unfortunately, it’s hard to figure out all the devices that may be affected by this exploit. Project Zero put together a rudimentary list using public information, though I’m not sure that this is a complete list (I suspect that smartwatches with new Exynos cellular modems may be affected as well):

  • Mobile devices from Samsung, including those in the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series.
  • Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series.
  • The Pixel 6 and Pixel 7 series of devices from Google.
  • Any vehicles that use the Exynos Auto T5123 chipset.

According to Samsung, the Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5123 are affected by these vulnerabilities.

Project Zero usually publishes detailed information on zero-day exploits. But due to the severity of these vulnerabilities, it’s holding back some information. For what it’s worth, only one of the four major vulnerabilities (CVE-2023-24033) has been assigned a CVE.

The LastPass Scandal Shows It's Time to Leave Passwords Behind
RELATEDThe LastPass Scandal Shows It's Time to Leave Passwords Behind

In its blog post, Project Zero suggests that users disable Wi-Fi calling and VoLTE on affected devices (open Settings, go to “Network and Internet,” and select “SIM”). Disabling these settings will prevent phone calls from being made or received on most carrier networks. And, unfortunately, some carriers don’t let you alter these settings.

My advice is to install the latest update available to your phone. Depending on when you read this article, the March Android patch may be available to you (thereby resolving this issue). If you’re a high-risk target, you may want to disable Wi-Fi calling and VoLTE, though this isn’t a realistic option for most users.

Source: Project Zero 

READ NEXT
Andrew Heinzman Andrew Heinzman
Andrew is the News Editor for Review Geek, where he covers breaking stories and manages the news team. He joined Life Savvy Media as a freelance writer in 2018 and has experience in a number of topics, including mobile hardware, audio, and IoT. Read Full Bio »