We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

18 Zero-Day Flaws Found in Samsung Exynos Modems

18 Zero-Day Flaws Found in Samsung Exynos Modems
Author Image Keira Waddell
Keira Waddell Published on 21st March 2023 Former Senior Writer

Google's Project Zero, a team dedicated to studying and reporting vulnerabilities, has identified 18 zero-day vulnerabilities in Samsung's Exynos chipsets used in various Android devices, including mobile devices, wearables, and vehicles.

Four of the most severe vulnerabilities detected allow attackers to execute code remotely at the baseband level. This is the critical firmware and hardware that allows your device to connect to the cellular network. A cybercriminal could use this unauthorized access to silently monitor the data flowing in and out of an affected device, for example.

To take advantage of these four serious vulnerabilities, an attacker would only require the victim's phone number. Experienced hackers could quickly create an operational exploit to take advantage of these vulnerabilities without triggering alarms.

The affected devices include:

  • Samsung S22, M33, M13, M12, A71, A53, A33, A21, A13, A12, and A04 mobile device series
  • Vivo S16, S15, S6, X70, X60, and X30 mobile device series
  • Google Pixel 6 and Pixel 7 mobile device series
  • Wearables that use the Exynos W920 chipset
  • Vehicles that use the Exynos Auto T5123 chipset

Project Zero has decided to delay disclosing the details of these four severe vulnerabilities that allow for Internet-to-baseband remote code execution. This is due to the rare combination of the level of access and the speed with which reliable operational exploits could be created. The remaining 14 vulnerabilities are less critical but still pose a risk, requiring local access or a malicious mobile network operator to exploit successfully.

Google has noted that patches for these vulnerabilities will vary depending on the manufacturer, but its Pixel 7 devices are already patched following its recent March security updates.

In the meantime, users can switch off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings to remove the exploitation risk of these vulnerabilities. This workaround has been confirmed by Samsung, who also encourages users to update their devices as soon as possible.

About the Author

Keira was a senior writer at vpnMentor. She is an experienced cybersecurity and tech writer dedicated to providing comprehensive insights on VPNs, online privacy, and internet censorship.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address