Notebookcheck Logo

Security researchers claim to find a severe vulnerability that may affect up to 30% of all Android phones worldwide

Check Point reports a new MSM flaw. (Source: Wikichip)
Check Point reports a new MSM flaw. (Source: Wikichip)
The Qualcomm mobile station modem (MSM) series is part of 3G to 5G connectivity for millions of Android phones worldwide. The Check Point security research group now claims that it can be exploited in a way that might allow a hacker to read a user's messages and even listen in on phonecalls. This flaw involves an interface found on up to 30% of all phones worldwide.
5G Android ARM Business Security Smartphone Software Tablet

Qualcomm has been developing its MSM series of modems since the 1990s, and still uses it, even in the latest 5G smartphones. It is ostensibly connected to various services and components for radios, voice-calls and media, and is, thus, a major target for hackers - according to security groups such as Check Point, at least.

The team asserts that one of the weakest bricks in the wall between a hacker and a user's data is Qualcomm real-time OS (or QuRT), which is persistent in all forms of Android and allows this software to communicate with a given MSM via its managemetn interface (QMI).

This interface, present on an estimated 30% of all phones everywhere, can apparently be leveraged in the proof-of-concept hack developed by Check Point in order to demonstrate the new vulnerability (now known as CVE-2020-11292) to Qualcomm.

The chip-maker has responded with claims that it has been addressed as part of a security update pushed back in December 2020. On the other hand, Google has reportedly only just done so as part of its June 2021 security patch. Accordingly, there is a chance some phones on older versions might still be susceptible to the new flaw.

Buy the Dimensity 720-powered Realme V5 5G on Amazon

Source(s)

Check Point via GSMArena

Related Articles

AMD Ryzen 7000 series architecture (Source: AMD)
AMD Ryzen 7000 CPUs are faster in Linux with Spectre V2 mitigations enabled 10/05/2022
T-Mobile has experienced a data breach and customers may be affected by SIM swapping and their network information may have been leaked. (Image: Mika Baumeister)
T-Mobile hit with a data breach 12/29/2021
Cyberthreats. (Image source: Michael Geiger)
Google alerts 14,000 users to targeted phishing emails by Russian threat group 10/10/2021
Online Safety in Google Chrome. (Image source: Google)
Google releases emergency fixes for high-risk vulnerabilities in Google Chrome 10/03/2021
This toggle in Android is set to get more powerful soon. (Source: Google)
Google announces its answer to App Tracking Transparency on iOS 06/05/2021
The personal data of over 100 million Android users may have been exposed due to poor data management practices. (Image via Android with edits)
Poor data management put 100 million Android users at risk 05/25/2021
OnePlus and Xiaomi owners should be aware that flashing Android 12 Beta 1 could brick your device. (Image source: Google)
Android 12 Beta 1 rolls out to over 25 smartphones; risks with installing on OnePlus and Xiaomi devices 05/20/2021
The new C8C security camera. (Source: EZVIZ)
EZVIZ launches its first pan/tilt outdoor Wi-Fi home security camera 05/19/2021
A Core i7 XPS 13. (Source: Dell)
Dell's firmware update driver has harbored severe security bugs for over a decade, according to researchers 05/07/2021
The Xiaoxin Pad Pro 2021 has a 90 Hz and 2.5K display. (Image source: Lenovo)
Lenovo unveils a new flagship tablet with a Qualcomm Snapdragon 870 SoC and a 90 Hz OLED display 05/05/2021
MediaTek is expected to grab a 37 percent chunk of the mobile chipset market in 2021. (Image: MediaTek)
MediaTek will reign supreme in the mobile chip market in 2021, Qualcomm and Samsung to continue trailing 05/05/2021
Multiple educational apps send students' data to third parties, often without their knowledge. (Photo by Kelly Sikkema on Unsplash)
New study finds 60% of apps used by U.S. schools share student data with third parties, sometimes without the users' knowledge 05/05/2021
Researchers claim hackers could leverage the vulnerabilities to target
Intel refutes claim that newly-uncovered Spectre vulnerability variants need patching with performance-leeching fixes 05/04/2021
Qualcomm records a very profitable 2Q2021. (Source: Qualcomm)
Qualcomm's latest quarterly net profit comes in at nearly US$1.8 billion 04/30/2021
The Honor V40's successor may feature a Snapdragon 888 Plus chipset. (Image source: Honor)
Honor is reputedly developing a new flagship smartphone with a Qualcomm Snapdragon 888 Plus chipset 04/28/2021
Computex will go ahead in 2021. (Source: Computex)
AMD, Intel, Qualcomm and more confirm their attendance at Computex 2021 04/13/2021
Qualcomm is looking at TSMC to manufacture some of its upcoming hardware
TSMC to manufacture some of Qualcomm's 5nm and 6nm parts 04/07/2021
2021 could also prove a good year for MediaTek. (Image Source: MediaTek)
MediaTek dethrones Qualcomm, becomes the world's largest mobile SoC supplier of 2020 03/29/2021
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
.170
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2021 05 > Security researchers claim to find a severe vulnerability that may affect up to 30% of all Android phones worldwide
Deirdre O'Donnell, 2021-05- 9 (Update: 2021-05-10)