Severe Security Flaws in Mobile Chipset Expose Voice and Data

According to this article published on the Bleeping Computer website, Google’s Project Zero bug-hunting team has reported the results of an investigation that uncovered 18 zero-day vulnerabilities in mobile devices that use Samsung’s Exynos modem chipset. Some of these vulnerabilities allow attackers to steal data and monitor conversations simply by knowing your mobile phone number.

The vulnerability is present when using free Wi-Fi calling and Voice over LTE!

Of the 18 vulnerabilities discovered by the team, 14 have already been addressed by Samsung, which has provided patches to various device distributors. However, Samsung does not control when those distributors make the patches available to the public. The remaining 4 vulnerabilities are so severe that Google has broken with tradition and elected NOT to make their details public until Samsung has had more time to address the issues.

Devices affected by the security vulnerabilities include Samsung phone models (S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series); Vivo phone models (S16, S15, S6, X70, X60 and X30 series); Pixel phone models (Pixel 6 and Pixel 7 series); as well as any wearables using the Exynos W920 chipset and any vehicles that use the Exynos Auto T5183 chipset.

Steps to Protect Yourself from these Vulnerabilities

  1. Ensure that you update the software on your mobile devices (including wearables and in-car systems) as soon as a patch is released. If you are unsure whether your device or vehicle is affected, contact the manufacturer for guidance.
  2. If your mobile device is on the list, stop using your device to place free phone calls over the internet. Only place calls using your phone’s SIM card.

Summary

Most of the security flaws discussed here have already been patched, so if you are allowing your devices to apply security updates, you are at least partially protected. By discontinuing the use of free Wi-Fi calling over the internet, you can avoid having your data and voice calls monitored and stolen.

Jack Eisenberg, Owner
Safe and Secure Computing