Google Pixel phone

Google Pixel & Samsung phones can get hacked remotely with phone number

A few weeks ago, Google released news that they found hazardous security bugs on certain Android smartphones and devices. These bugs are so dangerous that Google is withholding details about them until a sufficient number of Android devices have applied the March 2023 security patches.

Why are these bugs so dangerous?

These bugs are so dangerous because hackers only need to know your phone number to compromise your device. They can attack your device remotely and silently, with no interaction on your part.

Why aren’t all Android devices affected?

These security bugs are located in a ‘hidden’ hardware operating system, which is present on all smartphone devices. Only smartphones with specific hardware are affected.

What is that ‘hidden’ hardware operating system?

All devices that can connect to the cellular phone network contain two processors with two different operating systems. The operating system that you are familiar with and can see (e.g. iOS, Android) runs on the application processor. The operating system that is hidden and unseen runs on the baseband processor, which is part of the modem that connects your device to the cellular network.

How can that baseband processor affect the security of your device?

The problem is that typically, the baseband processor runs a real-time operating system that has access to the memory shared with the application processor. So, a compromise of the operating system in the baseband processor will allow attackers to inject code into the operating system (e.g. iOS, Android) of the application processor.

It is unclear how newer devices improve the security model by segregating the baseband processor from the application processor. More research is needed to be done in this area to ascertain how vulnerable newer devices are to attacks on the baseband processor.

Is my device vulnerable?

Devices with the Exynos chipsets are vulnerable, which include:

  • Mobile devices from Samsung, including those in the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series;
  • Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series;
  • The Pixel 6 and Pixel 7 series of devices from Google; and
  • any vehicles that use the Exynos Auto T5123 chipset.

Should I be worried and what do I need to do?

Subscribe to continue reading

Become a paid subscriber to get access to the rest of this post and other exclusive content.