Hackers Can Gain Full Control Of Certain Samsung Phones With Just Contact Number: Google's Project Zero Report

Tech giant Google's bug-hunting team Project Zero has identified around eighteen security vulnerabilities affecting Exynos modems, as reported by XDAdevelpers.com on Sunday. A combination of these vulnerabilities that affect Exynos modems can allow a hacker to gain full control and access to a smartphone without the owner of the phone knowing about it. They just need the contact number of the owner of the smartphone.

There are a number of devices that can become targets of hacks and attacks, according to Google's Project Zero. The list of devices that are already affected by the vulnerabilities includes Samsung, Vivo, Pixel phones, and any devices that have Exynos Auto T5123 chipset in them.

Samnsung's S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series are highly prone to these effects. Vivo's S16, S15, S6, X70, X60 and X30 series are also on the list of affected phones. Even Google's own Pixel 6 and Pixel 7 series are prone to these vulnerabilities, reported XDAdevelpers.com.

ALSO READ: Trump Will Be Re-Elected In Landslide Victory, If Indicted: Elon Musk

Meanwhile, in the March security update, the bug has already been fixed in the Pixel 7 series. However, Google's Pixel 6 series continues to have security vulnerabilities.

According to Google, all users using unpatched devices should immediately disable their VoLTE and Wi-Fi Calling on the devices.

Head of Project Zero Tim Willis, said, "with limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely," as quoted by XDAdevelpers.com.

What he meant is that some attackers and hackers can easily exploit and hack into the device without the users having any idea about the compromise.

Currently available information on any major exploit, CVE-2023-24033, says that the affected baseband modem chipsets "do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service," as cited by XDAdevelpers.com. 

ALSO READ: TikTok Ban: Countries That Have Restricted The Short-Video App

The non-availability of services here means that a hacker can lock the user's phone and even prevent him from accessing the device. However, there is no additional information available on this to support the claims in detail.

There are fourteen other security vulnerabilities such as CVE-2023-26072, CVE-2023-26073, CVE-2023-26074, CVE-2023-26075, CVE-2023-26076, and nine others in a similar category that are not so critical. 

However, they carry the risk till the end user. And for an exploitation attempt to succeed on them, "either a malicious mobile network operator or an attacker with local access to the device" is required.