According to Android Police, there is a new modem vulnerability affecting Android phones. The new Qualcomm modem vulnerability was found by Check Point Research. It has the ability to allow malicious third-party apps to gain access to call and text history. There is even a chance they could record conversations.
The overall vulnerability is very technical. But the vulnerability is able to dynamically patch the software and bypass the usual security mechanisms. This a major problem. Recently, Android was ravaged by another security vulnerability. That one involved a text message.
However, this one utilizes the Qualcomm Modem Interface software layer allows this vulnerability to work. Hardware vulnerabilities are more dangerous than other ones. Researchers say that a malicious app can listen in to and record active phone calls.
The app could even gain access to SMS records. In addition, it could even unlock a SIM card. Sometimes vulnerabilities can affect only certain manufacturers. This is not the case with this one. OnePlus, Samsung, LG, Xiaomi, and other OEMs are affected. This isn’t too surprising though. Qualcomm is the main SoC provider for a lot of manufacturers.
From flagship devices to entry-level phones, Qualcomm powers a lot of devices. Research suggests that 40% of smartphones can fall prey to this vulnerability. Android has billions of users worldwide. So at 40% a lot of devices can fall prey to this vulnerability.
New Qualcomm modem vulnerability is present in 40% of devices.
Check Point Research only gave a broad example of how this works. The organization wants to keep how it actually works under wraps. This is a good idea. Since the organization was the first one to find the vulnerability and how it works, they have the chance to how it works a secret.
Qualcomm acknowledged the vulnerability that has been around since October. Vulnerabilities like this that are really serious can be hard to patch at times. Android Police received a statement from a Qualcomm representative.
The representative said “Providing technologies that support robust security and privacy is a priority for Qualcomm. We commend the security researchers from Check Point for using industry-standard coordinated disclosure practices. Qualcomm Technologies has already made fixes available to OEMs in December 2020, and we encourage end-users to update their devices as patches become available.”
The good news is that because the vulnerability is hard to exploit there is no indication that it has been used. Although 40% of smartphones are vulnerable it appears that nobody has actually used the vulnerability.
Qualcomm did say that they have been in contact with OEMs. As a result, Android OEMs have issued updates that patch this vulnerability.