Google’s Project Zero security research team has posted a blog highlighting active vulnerabilities in Samsung’s Exynos modems. Four of the 18 reported security issues with the Samsung chips in question are severe and could give hackers access to your phones with just the help of your phone number.

Security researchers usually don’t disclose vulnerabilities until after they are resolved. However, it seems Samsung has been dragging its feet on the issue. Project Zero researcher Maddie Stone tweeted (via TechCrunch) that “end-users still don’t have patches 90 days after the report.”

According to researchers, the following phones and other devices, including vehicles, can be compromised if hackers were to exploit the at-risk Exynos chips:

• Samsung Galaxy S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series.
• Vivo S16, S15, S6, X70, X60 and X30 series.
• The Pixel 6 and Pixel 7 series.
• Any wearables that use the Exynos W920 chipset.
• Any vehicles that use the Exynos Auto T5123 chipset.

Notably, Google has patched the issues in its March security update for Pixel 7 series. However, the update still hasn’t reached the Pixel 6, Pixel 6 Pro, and Pixel 6a, which means these phones aren’t currently safe from hackers capable of exploiting the specified internet-to-baseband remote code execution vulnerability.

“With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely,” Project Zero noted in its report.

How can you protect yourself?

While we await Samsung and other vendors to resolve the issues affecting the Exynos chips, Google recommends you turn off Wi-Fi calling and Voice-over-LTE (VoLTE) on the affected devices. You should also keep an eye out for any upcoming security updates and grab them as soon as possible.