• Data Protection

  Vulnerability affects high-end Android phones from Google, Samsung, LG, Xiaomi,

  Posted by Sarah on 9 May 2021 at 8:43 am

  Security researchers have found a critical vulnerability in Qualcomm Snapdragon-powered smartphones that could allow any malicious app to patch the software and, consequently, gain access to the call and text history and record conversations. But Qualcomm has confirmed that it “made fixes available to OEMs” last year in December, and asked users to upgrade their phones.

  According to researchers at Check Point Research, this vulnerability was alarming for nearly all Android phones, including the premium ones from Google, OnePlus, LG, Samsung, and Xiaomi, because Qualcomm’s Snapdragon processors are the ones powering a big chunk of them. The researchers found the vulnerability in the Qualcomm Modem Interface (QMI) software, which is proprietary protocol devices use to communicate between software components of the modem and other peripheral systems, such as cameras, fingerprint sensor. It could allow hackers to patch the software dynamically and bypass the security on the module.

  Although third-party software does not have access to QMI, it can gain special privileges in case the Android phone is compromised. And after a malicious patch is installed to the module, the hacker will gain access to the core properties of the modem and can use them to record conversations, snoop on calls and messages, and peep through the call and SMS history on the Android phone. The track records could contain important SMS, including those from your bank. Check Point researchers have pointed out that the vulnerability in the Qualcomm chipset was available in at least 40 per cent of Android phones, including those from premier brands.

  The vulnerability was specifically found in the Qualcomm Snapdragon 835 processor used inside the Google Pixel 2.

  Sarah replied 3 years ago 1 Member · 0 Replies
• 0 Replies

Log In to Reply