FSF/Replicant developer reported this today:
They mention some known affected devices, but there could be more, many more (possibly most Galaxy devices from the past 3 years).
Apparently the backdoor is in the phone's proprietary firmware for the modem/baseband. This is actually something many people have warned about in the past as a huge security/backdoor risk, even when the Blackphone was launched.
The solution: we need to demand that all OEMs and all modem makers (Qualcomm, Broadcom, MediaTek, Intel, etc.) open source their firmware. It's the only way to know for sure their modem firmware isn't backdoored.
Until then, use custom ROMs that are open source from top to bottom, and for Galaxy devices use Replicant, or other ROMs that say they've plugged this backdoor like Replicant did.