Google says Exynos chips put several phones at security risk (Updated)

Eric Zeman / Android Authority

Galaxy S22 Ultra vs Pixel 6 Pro

TLDR

  • Google’s Project Zero has uncovered 18 active vulnerabilities in Samsung’s Exynos modems.
  • Four of those vulnerabilities can give hackers access to your phone by merely knowing your phone number.
  • Affected devices using the vulnerable Exynos modems include the Galaxy S22 series and several other phones.

Update: March 20, 2023 (11:07 PM ET): Google has rolled out the March 2023 security patch for the Pixel 6, Pixel 6 Pro, and Pixel 6a. This means that the phones are no longer exposed to the security issues posed by affected Exynos chips.


Original post: March 17, 2023 (12:38 AM ET): Google’s Project Zero security research team has published a blog post highlighting active vulnerabilities in Samsung’s Exynos modems. Four of the 18 reported security issues with the Samsung chips in question are severe and could give hackers access to your phone with just the help of your phone number.

Security researchers usually don’t disclose vulnerabilities until after they are resolved. However, it seems Samsung has been dragging its feet on the issue. Project Zero researcher Maddie Stone tweeted (via TechCrunch) that “end-users still don’t have patches 90 days after the report.”

According to researchers, the following phones and other devices, including vehicles, can be compromised if hackers were to exploit the at-risk Exynos chips:

  • Samsung Galaxy S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series.
  • Vivo S16, S15, S6, X70, X60 and X30 series.
  • The Pixel 6 and Pixel 7 series.
  • Any vehicles that use the Exynos Auto T5123 chipset.

Notably, Google has patched the issues in its March security update for the Pixel 7 series. However, the update still hasn’t reached the Pixel 6, Pixel 6 Pro, and Pixel 6a, which means these phones aren’t currently safe from hackers capable of exploiting the stated internet-to-baseband remote code execution vulnerability.

“With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely,” Project Zero noted in its report.

How can you protect yourself?

While we wait for Samsung and other vendors to fix the issues affecting the Exynos chips, Google recommends you turn off Wi-Fi calling and Voice-over-LTE (VoLTE) on the affected devices. You should also keep an eye out for any upcoming security updates and grab them as soon as possible.