Security vulnerability: Update your Pixel and deactivate Wi-Fi calling and VoLTE on Samsung

Project Zero, Google's in-house security researchers, have publicised a vulnerability in Samsung's Exynos modem chips. These are not only found in the Galaxy S22 models, but also in current Pixel devices from Google. Software updates that close the security gap are not yet available for all smartphones.

Disable Wi-Fi calling and VoLTE

According to Project Zero's analysis, it is enough for hackers to know the phone number of a device to be able to install malware via the vulnerability. This would not be visible to smartphone users. It is not known whether the vulnerability has already been exploited.

Project Zero found and reported the vulnerability in the Exynos modem chips back in November 2022. Google closed it with the security update for Pixel devices in March 2023. There are still no suitable updates from other manufacturers. However, Project Zero considers the security vulnerability to be so relevant that they are already publicising it, contrary to customary practice.

Project Zero also provides advice on how to protect your device without an update. As a temporary security measure until a security patch is released, you should deactivate Wi-Fi calling - sometimes also referred to as WLAN telephony - and Voice over LTE (VoLTE) in the SIM card settings on the affected devices.

These devices are affected

The affected modem chips are found in all variants of the Galaxy S22 series as well as the Galaxy A71, A53, A33 and A13. Other affected Samsung devices - especially from the M series - have hardly been sold in Europe. Google uses the chips in all variants of the Pixel 6 and Pixel 7, while Vivo also uses the affected Samsung components in the X70, X60, X30, S16, S15 and S6. The complete list of affected devices can be found here.