Security researchers claim to find a severe vulnerability that may affect up to 30% of all Android phones worldwide
Qualcomm has been developing its MSM series of modems since the 1990s, and still uses it, even in the latest 5G smartphones. It is ostensibly connected to various services and components for radios, voice-calls and media, and is, thus, a major target for hackers - according to security groups such as Check Point, at least.
The team asserts that one of the weakest bricks in the wall between a hacker and a user's data is Qualcomm real-time OS (or QuRT), which is persistent in all forms of Android and allows this software to communicate with a given MSM via its managemetn interface (QMI).
This interface, present on an estimated 30% of all phones everywhere, can apparently be leveraged in the proof-of-concept hack developed by Check Point in order to demonstrate the new vulnerability (now known as CVE-2020-11292) to Qualcomm.
The chip-maker has responded with claims that it has been addressed as part of a security update pushed back in December 2020. On the other hand, Google has reportedly only just done so as part of its June 2021 security patch. Accordingly, there is a chance some phones on older versions might still be susceptible to the new flaw.