Security experts from Check Point Research have discovered a serious vulnerability in Qualcomm modems that could affect millions of Android devices.
What does it mean?
The SMU-2020–11292 vulnerability concerns Mobile Station Modern modems. These are systems-on-a-chip developed by the company that is used for voice calls and SMS. The bug also uses the Qualcomm MSM Interface (QMI), a protocol that allows the software components of the modem and other subsystems to communicate with each other.
QMI is used on about 30% of Android gadgets worldwide. Theoretically, hackers can attack any of these devices, but the user needs to install a special application with a Trojan. After the launch, the malicious code will hide in the modem chip and will not be visible, and hackers will be able to listen to calls, read SMS, and perform other actions remotely.
What to do?
Qualcomm said it was aware of the problem and had already released a fix. But patches may not spread as quickly as we would like, because they still have to be implemented in their firmware by gadget manufacturers.
“Providing technologies that support robust security and privacy is a priority for Qualcomm. We thank the security researchers at Check Point for using standard methods of coordinated disclosure of information. Qualcomm Technologies has already provided OEMs with all the necessary patches in December 2020, and we encourage end-users to update their devices as new patches become available, ” Qualcomm said in a statement.
Source: Check Point Research