Google's team Project zero has found issues in Samsung modems that could potentially get mobile phones hacked, as reported by TheVerge.
Samsung Modems
The Samsung modems power devices, such as the Pixel 7, Pixel 7, and some of the Galaxy S22 and A53.
Based on its blog post, various Exynos modems have vulnerabilities that could allow a hacker to compromise a mobile phone at the baseband level with no user interaction remotely. It will also not require the victim's phone number.
Experienced hackers could also exploit the issue. A report by 9to5Google states that the Pixels' March security update should have already fixed the problem, but the update isn't available for the Pixel 6, 6 Pro, and 6a just yet.
For the devices to be vulnerable, they should use one of the affected Samsung modems, which exempts many S22 owners because the phones sold outside of Europe and some African countries have a Qualcomm processor with a Qualcomm modem.
On the other hand, phones with Exynos processors, such as an A53 and European S22, might be vulnerable.
What Project Zero Found
Project Zero found 18 vulnerabilities in the modems, four of which are bad. Google will not be sharing any additional information on the vulnerabilities right now.
Aside from the four bad ones, the others are minor that require either a malicious mobile network operator or an attacker with local access to the device. The four bad vulnerabilities are more serious and are related to the baseband processor, which could allow a remote attacker to execute arbitrary code on the device. This could lead to a variety of attacks, including the ability to access a user's data, eavesdrop on their conversations, track their location, and more.
In addition, users should be aware of any suspicious activity on their phones, such as unexpected messages or calls from unknown numbers. If anything seems out of the ordinary, it's best not to answer or respond until you can verify who is calling/messaging you first. Additionally, if possible, avoid connecting your device over public Wi-Fi networks where attackers may be able to intercept data more easily than when connected via cellular connection alone.
It is also recommended to enable two-factor authentication (2FA) on any accounts associated with a modem where possible in order to add an extra layer of protection against potential attackers gaining access through one vulnerability or another. Furthermore, avoid connecting over public Wi-Fi networks whenever possible, as they can be more easily intercepted than cellular connections alone.
Lastly, always remain vigilant and report any suspicious activity you may observe on your phone, such as unexpected messages/calls from unknown numbers, right away so that appropriate action can be taken before anything serious happens due to a vulnerable modem connection issue.
Related Article: Google Obtains Partial Exploit Chain for Samsung Devices, Targeted by Commercial Surveillance Vendor