Home > Phone > Qualcomm vulnerability could allow hackers to tap into your calls and texts

Qualcomm vulnerability could allow hackers to tap into your calls and texts


The folks over at Israeli cybersecurity firm CheckPoint have discovered a vulnerability inside chips made by Qualcomm that could allow a malicious party to tap into your phone calls and text messages. The flaw was discovered in Qualcomm’s Mobile Station Modems (MSM), a series of system on chips used in mobile devices that allows cellular connectivity (and a host of other feature such as hi-def recording) on over 40% of phones in the world. In this case, phones that were left vulnerable were those that employ a proprietary protocol called QMI (Qualcomm MSM Interface) which allows communication between MSM software components and other subsystems on a phone.

Checkpoint notes that the vulnerability in Qualcomm’s chip could allow a hacker to inject a malicious code into the modem by various means such as an app to access users’ call history and SMS. It could even be exploited to listen to your conversations. The experts at Checkpoint estimate that QMI can be found on over 30% of all phones in the world, which means billions of devices were exposed to a possible attack. In addition to it, the flaw could also have been exploited to unlock the SIM being used on a phone.

“We discovered a vulnerability in a modem data service that can be used to control the modem and dynamically patch it from the application processor. An attacker can use such a vulnerability to inject malicious code into the modem from Android. This gives the attacker access to the user’s call history and SMS, as well as the ability to listen to the user’s conversations,” says the blog post.

In a research note, CheckPoint reveals that it informed Qualcomm about the MSM vulnerability in October last year. Qualcomm subsequently notified smartphone vendors about the issue and patches to fix the flaw started rolling out within the next few months. However, it is unclear what percentage of phones have received the necessary software updates to fix the security flaw till date. The cybersecurity firm revealed that Qualcomm MSM is present inside phones offered by the likes of OnePlus, Google, LG, and Samsung. Classified as CVE-2020-11292, the vulnerability will also be disclosed in Google’s official Android security bulletin for June.

Nadeem Sarwar

I’ve been writing about consumer technology for over three years now, having worked with names such as NDTV and Beebom in the past. Aside from covering the latest news, I’ve reviewed my fair share of devices ranging from smartphones and laptops to smart home devices. I also have interviewed tech execs and appeared as a host in YouTube videos talking about the latest and greatest gadgets out there.

Source link

Hi guys, this is Kimmy, I started LicensetoBlog to help you with the latest updated news about the world with daily updates from all leading news sources. Beside, I love to write about several niches like health, business, finance, travel, automation, parenting and about other useful topics to keep you find the the original information on any particular topic. Hope you will find LicensetoBlog helpful in various ways. Keep blogging and help us grow as a community for internet lovers.