Google discovers security gaps in smartphones

Small chips, big security holes: A security team from the Internet company Google has found serious vulnerabilities in various chips manufactured by Samsung. The so-called Exynos modem chips are responsible for establishing mobile data connections. They are not only installed in Samsung devices, but are also used by other manufacturers, for example in Google's Pixel smartphones or those of the smartphone manufacturer Vivo. Affected devices include the Samsung Galaxy S22 and the Galaxy A71. According to the security researchers of the Google Zero project, smartwatches or cars connected via mobile communications can also be attacked.

Hackers only need to know the phone number of a device to install malware from the Internet without the user noticing. Samsung has already pointed out the vulnerability in a security update from January. Updates are available for some Samsung devices, but not all. Google emphasizes that it has eliminated the vulnerabilities of its Pixel smartphones with the monthly security update in March. It is not known whether the gap was exploited at all.

However, users can protect themselves even without updates. As both Google and Samsung write, the WLAN telephony and Voice-over-LTE ("VoLTE") functions can be disabled as a security measure. These enable calls via an Internet connection. Potential attackers would not be able to exploit the vulnerability if they were deactivated.

There is no final list of affected devices. According to Google, the Samsung models S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 are most likely affected. Devices from the manufacturer Vivo, including the models S16, S15, S6, X70, X60 and X30, as well as the Google Pixel 6 and Pixel 7, are also vulnerable.

Samsung told F.A.Z. in response to a query that it had identified six security vulnerabilities that "potentially affect certain Galaxy devices." In March, Samsung released security patches for five of these vulnerabilities, it said. Another security patch will be released in April to address the remaining vulnerability, it said. Samsung recommends that its users update their devices with the latest software to ensure the best possible protection.



Image by Irfan Ahmad

Â