Google has a dedicated team — Project Zero — which looks at vulnerabilities and security threats that may pop across devices. This includes Android phones, iPhones among other devices. The Project Zero team has now found 18 zero-day security vulnerabilities. In a blog post, the team detailed what the issues are, how can it be fixed and which devices are at risk.
What Google has to say
Google said that it has conducted several tests and can confirm that “four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number.” In other words, a hacker can take control of your phone by just knowing the phone number. “With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely,” Google said in the blog post.
Which devices are at risk?
Devices from Samsung, Vivo and Pixel are at high risk. The Samsung phones which are at risk include: the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series. Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series are also at risk. Google’s own Pixel 6 and Pixel 7 series are also at risk. Apart from this any wearables that use the Exynos W920 chipset; and any vehicles that use the Exynos Auto T5123 chipset can also be attacked.
What is the solution?
Samsung has to issue a security patch to ensure devices are safe. This is because, according to Google, all the 18 security vulnerabilities have been reported in Exynos modems, which are produced by Samsung Semiconductor. A report by The Verge notes that Samsung hasn’t released any updates till now since Google reported the issue.
Google says that it has already issued a security patch for the month of March, which should solve the problem for Pixel series devices.
What can users do?
Wait for the security patch to arrive. However, Google does offer another solution. Google says that turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings. “As always, we encourage end users to update their devices as soon as possible, to ensure that they are running the latest builds that fix both disclosed and undisclosed security vulnerabilities,” noted Google in the blog post.