sunset's gemlog

Forced Obsolescence Hurts Security

Project Zero at Google has reported a number of exceptionally severe vulnerabilities in Samsung's modem stack, allowing remote code execution with no information other than a victim's phone number.

Google: Turn off VoLTE, Wi-Fi calling due to severe Exynos modem vulnerabilities on Pixel 6, more

The suggested remediation, pending a patch? Turning off VoLTE. Unfortunately, as all major US networks have shut down their pre-VoLTE voice networks, this is not possible in the US. In other words, the forced obsolescence mafia are now exposing their users to remote code execution because they killed every fallback network available. Users with a Samsung modem - including Pixel 6 and Pixel 7 devices - now have a choice between using a device in a known-vulnerable configuration, or losing phone functionality entirely.

I'm sure some networks made a lot of money by forcing upgrades from pre-VoLTE phones and clawing back spectrum, though, so it's probably worth it.

Stay safe out there, everyone.