The issue currently affects devices from almost all Android smartphone manufacturers, including Samsung, Google, and others, as stated by Check Point Research.
Inside Qualcomm-made phone chips, a new vulnerability has been discovered that can be exploited to access data on affected devices, allowing an attacker to examine the victim’s text messages and phone calls.Check Point Research discovered and reported the flaw, which it claims can be exploited on 30% of all smartphones currently in use worldwide.
The issue currently affects devices from almost all Android smartphone manufacturers, including Samsung, Google, Xiaomi, LG, and others, as stated by Check Point Research.According to the findings of the researchers, the vulnerable chips are currently used in 40% of all mobile phones worldwide, but only 30% of those phones have the proprietary Qualcomm MSM Interface (QMI) that is required for attacks.
The bug affects the mobile station modem (MSM), which is in charge of providing capabilities to the majority of important phone components.
In theory, a malicious trojanized app or some other method would need to be used to gain access to the operating system of the device being attacked.The attacker can inject malicious code into the modem to reveal sensitive information once they gain access.
The report says that this kind of attack would take over a phone’s QMI, which is a protocol that controls how software components in the MSM communicate with one another.In layman’s terms, this kind of attack would give hackers access to the victim’s text messages and call history, as well as the ability to listen in on a user’s calls.Because it would grant them access to the SIM card on the device, some cases might be even more dire.
Qualcomm places a high priority on providing technologies that support robust privacy and security.We applaud the Check Point security researchers for employing coordinated disclosure practices that are typical in the industry.In a statement sent via email to BGR India, a Qualcomm spokesperson stated, “We encourage end users to update their devices as patches become available.” Qualcomm Technologies has already made fixes available to OEMs in December 2020.
According to the statement, Qualcomm claims to have released a fix in December that was made available to OEMs.It’s possible that many of them have already implemented it for their users.However, the number of OEMs that have included the fix in their respective OTA releases is currently unknown.Additionally, Qualcomm claims that the fix will be included in the June public Android bulletin.