If you have a Samsung or a Pixel phone, you can be prone to a new cyberattack that targets such devices if they’re still maintaining Wi-Fi calling and VoLTE enabled. Google’s Project Zero has identified a series of security vulnerabilities that affect Samsung and Google Pixel phones with Exynos modems. The eighteen vulnerabilities were discovered in late 2022 and early 2023, and four of them are considered critical, enabling remote code execution with only the victim’s phone number, as XDA reveals.
While one of the most serious exploits has a publicly assigned Common Vulnerabilities and Exposures (CVE) number, Google has withheld a number of CVEs associated with the vulnerability in a rare exception to normal bug disclosure protocol.
Disabling Wi-Fi Calling and VoLTE will reduce the risk of infection
The bug has been fixed in the March security update, which is already available for the Pixel 7 series. However, the Pixel 6 series has not received the update yet, leaving those devices vulnerable. Google recommends that users of unpatched devices disable VoLTE and Wi-Fi Calling to reduce their risk.
Google’s Project Zero has identified the vulnerability that affects several devices, and the list includes:
- Mobile devices built by Samsung, including those from the following series: S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04.
- Smartphones from Vivo, including those in the following series: S16, S15, S6, X70, X60, and X30.
- The Pixel 6 and Pixel 7 series of devices built by Google.
- All vehicles that use the Exynos Auto T5123 chipset.
Monthly security updates are expected to protect sensitive personal data that smartphones carry, making it critical to ensure timely security patching to protect against security risks.
In other words, if you have one of the smartphones from the list mentioned above, it’s best to get your hands on the latest March 2023 security update if you haven’t done so already.