A vulnerability detected in a component of Qualcomm’s modems has put around 30% of Android phones on the market at risk, according to The Record. Such a vulnerability, published in a Check Point report and acknowledged by Qualcomm, would allow cybercriminals to patch the modem to inject malicious code, thus gaining access to the user’s call and SMS history.
Likewise, Check Point states that by taking advantage of this vulnerability, users’ own conversations could also be overheard and the SIM card unlocked. Qualcomm, in response to the security firm, ensures that they have already submitted a patch to fix the problem
Almost one in three Android phones affected by this vulnerability
Israeli cybersecurity firm Check Point discovered a vulnerability under the name CVE-2020-11292, which affects around 30% of Android phones worldwide. This is due to the QMI protocol of Qualcomm modems, included in their mobile processors. This is a proprietary Qualcomm protocol that allows the modem to communicate wirelessly with other subsystems.
“An attacker can use this vulnerability to inject malicious code into the modem from Android. This gives the attacker access to the user’s call and SMS history, as well as the ability to listen for conversions . An attacker can also exploit this vulnerability to unlock., Thereby bypassing service provider limitations imposed on the mobile device. “Checkpoint.
Among the services included in this protocol are voice services, SMS sending, network access, SIM data administration and others. In this way, if the security of the protocol is violated, malicious code can be injected
The patch to resolve this error has already been sent to Android manufacturers, but it is up to them to send the update or not
Qualcomm, in response to investigators’ report, told Check Point that a patch was released in december 2019 to resolve this issue, but that it is the manufacturers of Android who must apply it.
In other words, if the manufacturer does not apply such a security patch, the device is not protected. The latest data on the distribution of versions on Android indicates a great fragmentation, as many phones are left without updating and without protection against these kinds of threats. From Engadget Mobile, we contacted Qualcomm to try to expand this information.