
Google urges users to take action to protect themselves against remotely exploitable flaws in popular Android phones.

Updated on: 21-Mar-2023 10:20 AM


Concerned that the flaws may soon be discovered and exploited, Google's security research division is raising the alarm over a number of vulnerabilities it found in specific Samsung chips used in numerous Android devices, wearables, and automobiles.


Tim Willis, the head of Google's Project Zero, said that internal security researchers discovered and reported 18 zero-day flaws in Exynos modems made by Samsung over the previous few months, including four of the highest severity that could compromise affected devices "silently and remotely" over the cellular network.

Project Zero tests have shown that these four flaws allow an attacker to remotely compromise a phone at the baseband level without the victim having to do anything, Willis said. The attacker just needs to know the victim's phone number.


The ability to remotely run code at a device's baseband level, or more specifically on the Exynos modems that convert cell signals to digital data, would give an attacker near-unrestricted access to the data flowing into and out of an affected device, including cellular calls, text messages, and cell data, without alerting the victim.

As far as disclosures go, it's uncommon to see Google, or any security research organisation, raise the red flag on serious flaws before they are fixed. According to Google, an experienced attacker "would be able to swiftly construct an operational exploit" with little investigation and work. Google cited this as a risk to the general public.


Maddie Stone, a Project Zero researcher, stated on Twitter that Samsung had 90 days to fix the issues but hadn't done so.

Samsung stated in a March 2023 security listing that many Exynos modems are vulnerable, affecting several Android device makers, but it supplied few other specifics.

Project Zero says that a number of Samsung models, Vivo phones, and Google's own Pixel 6 and Pixel 7 phones are among the affected devices, as are wearables and automobiles that use Exynos chips to connect to the cellular network.

The list of affected devices includes: Samsung mobile devices, including the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series; Vivo mobile devices, including those in the S16, S15, S6, X70, X60 and X30 series; the Google Pixel 6 and Pixel 7 series; and connected vehicles that use the Exynos Auto T5123 chipset.

While noting that its Pixel devices have already received the March security updates, Google stated that patches will differ depending on the manufacturer. Until the affected manufacturers release software fixes to their consumers, Google advised users to disable Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings to "reduce the possibility of these vulnerabilities being exploited."

Google said the remaining 14 vulnerabilities were less serious, as they required either access to a device or insider or privileged access to a mobile carrier's networks.
