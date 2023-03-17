Google security research team Project Zero has discovered 18 vulnerabilities in Samsung’s smartphone modems.

The modems power devices like Google’s Pixel 6 and 7 and some of Samsung’s Galaxy S22 and A53 series smartphones.

The full list of affected devices is provided below:

The Samsung Galaxy devices in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series;

Vivo devices including those in the S16, S15, S6, X70, X60 and X30 series;

Google Pixel 6 and 7;

Any wearables with the Exynos W920 chipset; and,

Any vehicles with the Exynos Auto T5123 chipset.

Project Zero warns the vulnerabilities could “allow an attacker to remotely compromise a phone at the baseband level with no user interaction,” using only the victim’s cellphone number.

It added that attackers could exploit the flaws “with only limited additional research and development”.

It is important to note that not all smartphones in the affected Samsung series will have the vulnerability.

Its phones sold outside Europe and some African countries pack a Qualcomm processor and modem and should be safe from the vulnerabilities.

Project Zero advises that users with affected devices disable Wi-Fi calling and voice-over-LTE to protect themselves.

Project Zero has strict rules around its disclosure deadlines.

It waits at least 90 days after reporting vulnerabilities to the manufacturer before disclosing them to the public and may give manufacturers a grace period beyond that under specific circumstances.

Suggesting that Samsung is dragging its feet on releasing a patch, Project Zero researcher Maddie Stone tweeted Thursday evening that “end-users still don’t have patches 90 days after report”.