Google’s security research team has discovered some major vulnerabilities in Pixel and Samsung Galaxy phones that you’ll want to protect yourself against as soon as possible.
The issues were discovered in Samsung’s Exynos modems used by several smartphones, including the Google Pixel 6, Google Pixel 7 and Samsung Galaxy S22.
As revealed in the Project Zero team’s blog post, people using a device that relies on this chip will want to turn off Wi-Fi calling and Voice-over-LTE in their device settings to protect themselves until a security patch is released. The affected devices are:
- Samsung’s S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series phones
- Vivo’s S16, S15, S6, X70, X60 and X30 series phones
- Google’s Pixel 6, Pixel 6 Pro, Pixel 6a, and Pixel 7 phones
- any wearable with the Exynos W920 chipset
- any vehicle using the Exynos Auto T5123 chipset
However, not every version of every device is affected. For example, the European Samsung Galaxy S22 uses a vulnerable Exynos modem, but the American version does not. But for other devices, such as the A53, all versions of that phone use the vulnerable Exynos 1280.
So before you turn off Wi-Fi calling and Voice-over-LTE, you might want to check whether your exact model is indeed affected using Samsung’s official information.
How can you protect your phone?
For its part, Google says the March 2023 security update rolled out to Pixel 6 and Pixel 7 phones should fix these issues.
In a statement we received, Samsung told us it takes the security of its customers seriously and this month released a patch for five of the six vulnerabilities affecting certain Galaxy devices. Another security patch is coming in April to address the remaining vulnerability, so make sure your device is up to date if you want it to be protected.
In the meantime, you can protect yourself by going to your phone’s settings. Search for “Wi-Fi Calling” using the search option and you’ll see a switch to turn it on or off in the Connections submenu. If you want your Samsung phone to be safe, you need to turn it off, but you will lose access to the feature until you turn it back on.
To turn off Voice-over-LTE, go back to the Connections menu and this time tap Mobile networks. You should then see a new list of options and toggles next to “VoLTE calls SIM 1” and “VoLTE calls SIM 2” (although the second option will only appear if you have two SIMs installed). Flip the switches off and that should mean your phone is protected against the vulnerabilities discovered by Project Zero.
Disabling these features will reduce your call quality, but you should still be able to make calls.
Analysis: Why reveal these shortcomings?
If these flaws pose serious risks to our devices, why would Google Project Zero reveal them? Wouldn’t it be better to keep them private so hackers don’t know they exist?
Project Zero keeps the most serious exploits private and only shares them with relevant device manufacturers to ensure they are not exploited by malicious parties. But for other security issues, it may be better to inform a wider group of people.
First, there’s a way for us to protect ourselves against attacks that exploit these vulnerabilities: until a patch is rolled out, you can disable Wi-Fi calling and Voice-over-LTE, as we explained above. Second, these exploits may not be that hard to discover, so by keeping them hidden from the public, Project Zero would risk leaving ordinary people in the dark while hackers run rampant.
Finally, revealing the issues should encourage device manufacturers to roll out a patch as soon as possible. Now, not only is Google’s Project Zero team chasing them to fix the problem, but device owners can also get in touch through official forums and contact forms to ask their phone maker to fix the problem.