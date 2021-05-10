Check Point has discovered a vulnerability in Qualcomm modems present in most Android phones. The cybersecurity company indicates that the flaw, if exploited, allows attackers view text messages and record calls, among other things. The chip developer claims that it has already made a correction available to its customers. Now, the solution to the problem is in the hands of mobile manufacturers, who must release a patch for their users.

The security flaw is present in the mobile station modem (MSM), an element of the integrated chip system (SoC) of the American brand. Is about a Qualcomm design dating back to the 1990s and providing support for 2G, 3G, 4G and even 5G networks. According to the Check Point statement, attackers could inject malicious code through the QMI protocol, which manages communications between the modem and peripherals.

As expected, the applications do not have privileges to access a critical component such as Qualcomm’s QMI, but Attackers could use the newly discovered vulnerability to dynamically patch software and bypass common security systems. In this way they could access the call history, text messages, run conversation recordings and even unblock the operator’s SIM card restrictions.

40% of Android phones have vulnerable Qualcomm software

Check Point estimates that Vulnerable QMI software is present in approximately 40% of smartphones. We are talking about terminals from brands such as Samsung, Google, LG, OnePlus, Xiaomi, among others. In a statement to Tom’s Guide, Qualcomm has confirmed the vulnerability. The manufacturer has indicated that the security update that ends the problem has been available since December 2020 for mobile manufacturers.

Samsung has been one of the first to echo this situation. In an official statement they have specified that most phones already have a patch that fixes the problem, so users are encouraged to update. It is not clear that other manufacturers have already released patches. In any case, it is essential to have the mobile updated with the latest version of Android.

Read this too …