Project Zero, a team established by Google ten years ago, has discovered 18 security vulnerabilities in Exynos modems used in several popular devices, including the Samsung Galaxy S22 and Google Pixel 6. The team’s primary goal is to identify potential vulnerabilities in Android before malicious hackers can exploit them. They not only seek out bugs and flaws but also thoroughly document them, releasing their research results to the public after 90 days, allowing manufacturers ample time to address the vulnerabilities before users are informed of critical details.
The recent investigation revealed that four of the 18 discovered vulnerabilities could allow hackers to access devices simply by knowing the phone number. The list of affected devices includes:
- Samsung Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12, and A04
- Vivo S16, S15, S6, X70, X60, and X30
- All Pixel 6 and Pixel 7 models
- Wearable devices using the Exynos W920 chipset
- Any vehicle using the Exynos Auto T5123 chipset
Google has already fixed the issue for Pixel 7 models with the March security update. However, Pixel 6, Pixel 6 Pro, and Pixel 6a owners, as well as Samsung users, remain vulnerable, as the company has not yet patched the flaws within the 3-month timeframe. Google advises users to disable Wi-Fi calling and VoLTE features on affected devices until they receive the update.