Staying up-to-date with the latest security updates is essential, as new threats to our devices emerge every week. If you own a Samsung Galaxy or recent Google Pixel phone, you should be aware that your device may be vulnerable to hacking with just your phone number, which poses a serious concern for personal privacy and security.
In late 2022 and early 2023, Google's Project Zero security research team discovered 18 zero-day vulnerabilities in Samsung Exynos modems. Zero-day vulnerabilities are particularly concerning because hackers are often aware of them before vendors, heightening the risk of an attack.
Four out of the 18 zero-day vulnerabilities discovered by Google's Project Zero in Samsung Exynos modems can result in "Internet-to-baseband remote code execution." This means that hackers can potentially take control of your phone without requiring any input from you, simply by knowing your phone number, if you have one of the affected devices.
Project Zero has identified Samsung's Exynos modem as the component responsible for regulating phone calls in smartphones. The list of devices identified to be affected by the zero-day vulnerabilities discovered in these modems includes mobile devices from Samsung, Vivo, the Pixel 6 and Pixel 7 series from Google, and any vehicles that use the Exynos Auto T5123 chipset.
Fortunately, the necessary patches and updates have already been made available for users to fix their devices. Google has addressed all four critical vulnerabilities with its March update, and Samsung has implemented security patches for five of the six vulnerabilities it considers noteworthy in its March update. If you own a Pixel 6 or Pixel 7, it is recommended that you update your device as soon as possible. If you own a Samsung device, a patch for the outstanding vulnerability should be available in April.
While you wait for the final patch, it's recommended that you disable wifi calling as a safeguard against internet-to-baseband remote code execution. To disable the feature, go to Settings>Connections and toggle off "Wi-Fi" Calling." Disabling Voice Over LTE (VoLTE) is also an option, but it can disrupt your ability to make or receive phone calls. Alternatively, you can keep your phone connected to LTE or 5G, deactivate wifi calling, and await Samsung's final patch release. Stay vigilant and protect yourself from potential threats.