Critical vulnerabilities on Samsung phones

Vulnerabilities allow the attacker to perform an arbitrary code on the target's mobile device only by knowing the phone number.

The problem concerns Samsung's mobile devices series: S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04.

There are no corrections yet available for vulnerabilities, but you can limit their exploitation by shutting down your phone Wi-Fi calls and VoITE feature (Voice-over-LTE) from your device settings:

  • Turn off Wi-fi calls: Asetukset/Settings => Yhteydet/Connections => Wi-fi-puhelu/Wi-fi Calling
  • Turn off VoLTE feature: Asetukset/Settings => Yhteydet/Connections => Matkapuhelinverkot/Mobile networks => VoLTE -puhelut/Volte calls

More instructions on Samsung page: https://www.samsung.com/us/support/answer/ANS00077652/.

More information about these vulnerabilities on Traficom page in Finnish: Useita kriittisiä haavoittuvuuksia Samsung Exynos -piirisarjassa | Kyberturvallisuuskeskus.

Last updated: 20.3.2023