Four of the 18 active vulnerabilities that Google's Project Zero revealed in Samsung's Exynos modems could allow hackers to access your phone just by knowing your phone number.
The Exynos W920 has been removed from the list of impacted chipsets in Samsung Semiconductor's updated warnings, so users have done the same. Furthermore, Samsung has told Google that, contrary to what was initially claimed, the Galaxy A21s, not the A21, is the compromised smartphone. It has also been corrected in the list of the impacted devices.
The Exynos modems from Samsung have been identified as having active vulnerabilities by Google's Project Zero security research team. Four of the 18 documented security flaws with the in question Samsung chips are serious and could allow hackers to access their phones simply by knowing your phone number.
Security researchers typically don't publicly report flaws until they have been fixed. Samsung appears to have been taking its time with this matter, though. TechCrunch reported that Project Zero researcher Maddie Stone had stated that "end-users still don't receive patches 90 days after the disclosure."
Researchers assert that the following phones and other devices, including cars, could be targeted by hackers if they were to exploit the Exynos chips' vulnerability:
M33, M12, M13, S22, A71, A33, A21s, A53, A12, A13, and A04 series from Samsung.
Vivo's X60, X70, S15, S6, S16, and X30 series.
any cars equipped with an Exynos Auto T5123 processor, including Pixel series 6, and Pixel series 7.
Google, incidentally, made the fixes in the March security update for the Pixel 7 series. Because they have not yet received the upgrade, the Pixel 6, Pixel 6 Pro, and Pixel 6a remain open to attack by cybercriminals who can exploit the aforementioned internet-to-baseband remote code execution vulnerability.
Google suggests disabling Wi-Fi calling and Voice-over-LTE (VoLTE) on the vulnerable devices while they wait for Samsung and other suppliers to fix the problems with the Exynos CPUs. Moreover, keep an eye out for any impending security updates and download them right away.
