Project Zero wrote in a blog post that various Exynos processor groups have a series of vulnerabilities that could “allow an attacker to remotely compromise the phone at the baseband level, without user interaction” and require only the victim’s phone number. And Samsung seems to be slow to fix the problem.
Project Zero warns that experienced hackers will only need “a small amount of additional research and development” to exploit the vulnerability. Google says the March security update for Pixels should fix the issue. The update is not yet rolling out to the Pixel 6, 6 Pro, and 6a.
The researchers said they believe the following products may be at risk:
Samsung mobile products, including the Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series
Mobile products from vivo, including those from the S16, S15, S6, X70, X60 and X30 series
Any wearable product using Exynos W920 processor
Any vehicle using the Exynos Auto T5123 processor set
Except for the European version, Samsung S22 phones are equipped with Qualcomm components, so the above-mentioned vulnerabilities will not appear. But popular phones with Exynos processors, such as the mid-range A53 and the European version of the S22, are at risk.
Currently Samsung’s new flagship S23 is safe, and its global version uses Qualcomm components.