Google's Project Zero team is pleading with users of the Pixel 6 and 7 and many other phones to disable VoLTE and VoWiFi because of the issue found in the Samsung Exynos modem. The reported vulnerabilities likely affect some Samsung phones and wearables too.
The team found 18 separate vulnerabilities in Exynos modems in the latter half of 2022 and early 2023. Four of them are considered highly risky, one of them being CVE-2023-24033, which allows internet-to-baseband remote code execution.
Likewise, various news outlets have mentioned that these vulnerabilities let an attacker break into the phone's system at the baseband level and compromise its data without the handset owner knowing anything.
The other 14 of the 18 are not treated as severely risky because, the team said, they “require either a malicious mobile network operator or an attacker with local access to the device.”
Which Pixel and other Android devices are affected by the Exynos modem issue?
Samsung Semiconductor says the following chipsets are affected:
- Exynos Modem 5123
- Exynos Modem 5300
- Exynos 980, Exynos 1080
- Exynos Auto T5123
Meanwhile, Google made a list of devices that might be affected by the same issue:
- Samsung Galaxy S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12, and A04 series
- Vivo S16, S15, S6, X70, X60, and X30 series
- Google Pixel 6 and 6 Pro, Pixel 6a, Pixel 7 and 7 Pro
- Vehicles that use the Exynos Auto T5123 chipset
The Galaxy Watch 4 and 5 are other devices that could have the same issue.
Do note that for Pixel phones, the CVE-2023-24033 vulnerability received its fix with the March 2023 security patch. However, the Pixel 6, 6 Pro, and 6a have yet to see that March update and are currently vulnerable. Project Zero’s advice for those impacted follows:
Disable VoLTE and VoWiFi
The Project Zero team has suggested that users turn off VoLTE and VoWiFi on their devices to avoid the baseband remote code execution vulnerabilities in Exynos chipsets. Users can rely on this measure until a patch becomes available.
“Until security updates are available, users who wish to protect themselves from the baseband remote code execution vulnerabilities in Samsung’s Exynos chipsets can turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings. Turning off these settings will remove the exploitation risk of these vulnerabilities.”
Project Zero team, Google
Do you use any device that has an Exynos modem mentioned above? Do comment below to share your concern and possible fix.