Small chips, big security gaps: A security team from the Internet company Google has found serious vulnerabilities in various chips manufactured by Samsung. The so-called Exynos modem chips are responsible for establishing mobile data connections. They are not only installed in Samsung devices, but are also used by other manufacturers, for example in the Pixel smartphones from Google or those from the smartphone manufacturer Vivo. Affected devices include the Samsung Galaxy S22 and Galaxy A71. Smartwatches or cars networked via mobile communications can also be attacked, according to the security researchers of the Google Zero project.
Editor in Business
- Follow I follow
It is enough for hackers to know the phone number of a device in order to be able to install malware from the Internet without users noticing. Samsung has already drawn attention to the vulnerability in a security update from January. Updates are available for some Samsung devices, but not for all. Google emphasizes that it has eliminated the vulnerabilities of its Pixel smartphones with the monthly security update in March. Whether the vulnerability was exploited at all is not known.
Users can also protect themselves without updates. As both Google and Samsung write, the functions WLAN telephony and Voice-over-LTE ("VoLTE") can be deactivated as a security measure. These allow calls over an Internet connection. If deactivated, potential attackers would not be able to exploit the vulnerability.
There is no exhaustive list of affected devices. According to Google, Samsung models S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 are most likely affected. Also vulnerable are devices from the manufacturer Vivo, including the models S16, S15, S6, X70, X60 and X30, as well as the Google Pixel 6 and the Pixel 7.
Samsung said at the request of the F.A.Z. that it had identified six vulnerabilities that "may affect certain Galaxy devices." In March, Samsung released security patches for five of these vulnerabilities. Another security patch will be released in April to close the remaining vulnerability. Samsung advises its users to update their devices with the latest software to ensure the best possible protection.