×

Registration

Profile Informations

Login Datas

or login

First name is required!
Last name is required!
First name is not valid!
Last name is not valid!
This is not an email address!
Email address is required!
This email is already registered!
Password is required!
Enter a valid password!
Please enter 6 or more characters!
Please enter 16 or less characters!
Passwords are not same!
Terms and Conditions are required!
Email or Password is wrong!

Qualcomm Chip Vulnerability Affects 30% Of All Smartphones, Lets Hackers Eavesdrop On Your Calls

snapdragon

Our smartphones, over the years, have from a tool used primarily by tech enthusiasts to something that almost everyone walks around with today. As such, our smartphones are used for everything from making phone calls, to texting, to gaming, to taking photos, to banking.

And when it comes to smartphones, Android devices have the most market share, and the majority of them are using Qualcomm Snapdragon SoCs. Besides featuring a powerful CPU and GPU, modern Snapdragon SoCs also feature an integrated modem that gives you 4G LTE and 5G connectivity.

Unfortunately, the folks from Check Point Research have discovered a vulnerability in Qualcomm's Mobile Station Modems (MSM). Google's Android operating system can access the MSM through the Qualcomm MSM Interface (QMI), and that's where the Checkpoint researchers were able to probe a rather nasty vulnerability involving QMI.

android malware pair

"During our investigation, we discovered a vulnerability in a modem data service that can be used to control the modem and dynamically patch it from the application processor," the researchers explained.

Using the vulnerability, malicious actors could use the Android operating system to inject code into the MSM. Given that the MSM handles all call information coming in and out of the smartphone, it would give attackers access to device call history and SMS data. Perhaps even more concerning is that it would be possible to eavesdrop on active phone conversations and even unlock a smartphone's SIM, defeating carrier protections. QMI is currently in use on 30 percent of smartphones according to Checkpoint.

The vulnerability has been assigned CVE-2020-11292 for tracking purposes and affects most modern Qualcomm MSMs, including the most recent 5G iterations. However, it should be noted that Qualcomm sent patches out to Android OEMs in December after receiving a heads-up from Checkpoint. As a result, if you have a smartphone that receives regular updates from the manufacturer -- a la Samsung, Google, etc. -- you should be safe.

However, if you're using a device that is no longer receiving updates because of age, or if your OEM is laggard with updates, you may simply be out of luck.

Go to Source