A new vulnerability has been discovered inside Qualcomm-produced phone chips, which can be exploited to gain access to data on affected devices allowing an attacker to dig through the victim’s phone calls and text messages. The bug was discovered and reported by Check Point Research, which states that the vulnerability is exploitable on 30 percent of smartphones currently active across the globe. Also Read - Galaxy Z Flip 3, Galaxy Z Fold 3 official teasers from Samsung leak
According to Check Point Research, the bug currently affects devices from almost all Android smartphone manufacturers including Samsung, Google, Xiaomi, LG and more. The researchers state that the vulnerable chips are currently used inside of 40 percent of the global phone population, but only 30 percent are equipped with a proprietary interface, the Qualcomm MSM Interface (QMI), necessary for attacks to be conducted. Also Read - Your Window PC can now run Android apps
The mobile station modem (MSM) is the part affected by the bug that is responsible for providing capabilities to a majority of the important components within the phone. Also Read - Samsung Galaxy M32 in pics: First look at the Redmi Note 10S competitor
In theory, an attack would require access to the operating system of a targeted device via a malicious trojanized app or some other method. After the attacker gains access they can inject malicious code into the modem to reveal sensitive information.
According to the report, an attack of this type would hijack a phone’s QMI (a protocol that governs communication between the different software components within the MSM). In simple terms, such an attack would allow hackers to access text messages and the call history of the victim, while at the same time also provide them with the ability to listen in on a user’s calls. Some cases might be even worse, as it would provide them with access to the device’s SIM card.
“Providing technologies that support robust security and privacy is a priority for Qualcomm. We commend the security researchers from Check Point for using industry-standard coordinated disclosure practices. Qualcomm Technologies has already made fixes available to OEMs in December 2020, and we encourage end users to update their devices as patches become available,” a Qualcomm spokesperson told BGR India in an email statement.
As seen in the statement, Qualcomm claims to have issued a fix, which was made available to OEMs in December. Many of whom might have already rolled it out to their users. However, as of now, it is not known how many OEMs have issued the fix in their respective OTA releases. Qualcomm also states that the fix will also be included in the public Android bulletin in June.