ALERT: Critical Security Flaw in Samsung Smartphone Modems

Google's Project Zero, a team of security analysts employed by Google who are tasked with finding zero-day vulnerabilities, has found critical security flaws in Samsung modems (used in smartphones and other communication devices). This flaw could enable hackers to remotely gain access to vulnerable devices without any intervention from you, the user.

These vulnerabilities threaten a wide range of devices including smartphones, wearables and car platforms.

How This Threat Works
A select number of Samsung Exynos chip lines have firmware that is failing to do a software check to validate how certain applications access information in a device. Essentially, in devices with the vulnerability, a hacker could get full access to crucial areas of the microchip, which stores user information such as passwords and location data. The flaws are being described as “Internet-to-baseband remote code execution,” which could allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number.

What You Should Do
The current recommendation is for affected users to turn off Wi-Fi calling and Voice-over-LTE in their device settings until a security patch is provided, which may be sometime in April. It is also recommended that users keep their devices updated to ensure the highest level of protection possible, at all times.

Based on information from public websites that map chipsets to devices, affected products likely include but are not limited to:

• Mobile devices from Samsung, including those in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series;
• Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series;
• The Pixel 6 and Pixel 7 series of devices from Google;
• any wearables that use the Exynos W920 chipset; and
• any vehicles that use the Exynos Auto T5123 chipset.

Always be Security Conscious
Protecting personal devices is increasingly important due to a steady rise in hybrid and remote work, with mobile phones more likely to contain sensitive business information. Along with keeping your devices up-to-date with firmware and security patches, here are several best practices you should always follow:

• Install and use reliable antivirus and anti-malware software on your device.
• Avoid downloading and installing applications from untrusted sources. Only download apps from the official Google Play Store or Samsung Galaxy Store.
• Be cautious when opening email attachments or clicking on links from unknown or suspicious sources.
• Avoid connecting to public Wi-Fi networks, especially those that are not password-protected or are known to be unsecured.
• Consider using a VPN when connecting to the internet from your device.

You can check your device to see what version it is on by following the instructions here. Further information from the Google Project Zero team on this topic can be found here.

As of March 20, 2023: Google Pixel updated their March 2023 Security Bulletin to now show that all four Internet-to-baseband remote code execution vulnerabilities were fixed for Pixel 6 and Pixel 7 in the March 2023 update.