Notebookcheck
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

Security researchers claim to find a severe vulnerability that may affect up to 30% of all Android phones worldwide

Check Point reports a new MSM flaw. (Source: Wikichip)
Check Point reports a new MSM flaw. (Source: Wikichip)
The Qualcomm mobile station modem (MSM) series is part of 3G to 5G connectivity for millions of Android phones worldwide. The Check Point security research group now claims that it can be exploited in a way that might allow a hacker to read a user's messages and even listen in on phonecalls. This flaw involves an interface found on up to 30% of all phones worldwide.
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

Qualcomm has been developing its MSM series of modems since the 1990s, and still uses it, even in the latest 5G smartphones. It is ostensibly connected to various services and components for radios, voice-calls and media, and is, thus, a major target for hackers - according to security groups such as Check Point, at least.

The team asserts that one of the weakest bricks in the wall between a hacker and a user's data is Qualcomm real-time OS (or QuRT), which is persistent in all forms of Android and allows this software to communicate with a given MSM via its managemetn interface (QMI).

This interface, present on an estimated 30% of all phones everywhere, can apparently be leveraged in the proof-of-concept hack developed by Check Point in order to demonstrate the new vulnerability (now known as CVE-2020-11292) to Qualcomm.

The chip-maker has responded with claims that it has been addressed as part of a security update pushed back in December 2020. On the other hand, Google has reportedly only just done so as part of its June 2021 security patch. Accordingly, there is a chance some phones on older versions might still be susceptible to the new flaw.

Buy the Dimensity 720-powered Realme V5 5G on Amazon

Source(s)

static version load dynamic
Loading Comments
Comment on this article
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 
Deirdre O'Donnell
Deirdre O'Donnell - Senior Tech Writer - 4252 articles published on Notebookcheck since 2018
I became a professional writer and editor shortly after graduation. My degrees are in biomedical sciences; however, they led to some experience in the biotech area, which convinced me of its potential to revolutionize our health, environment and lives in general. This developed into an all-consuming interest in more aspects of tech over time: I can never write enough on the latest electronics, gadgets and innovations. My other interests include imaging, astronomy, and streaming all the things. Oh, and coffee.
contact me via: LinkedIn
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2021 05 > Security researchers claim to find a severe vulnerability that may affect up to 30% of all Android phones worldwide
Deirdre O'Donnell, 2021-05- 9 (Update: 2021-05-10)