Monday, June 27, 2022

Slide Slide
Home Mobile Phones High-risk security vulnerability discovered in Qualcomm mobile chip

High-risk security vulnerability discovered in Qualcomm mobile chip

The high-risk security vulnerability has been classified as CVE-2020-11292 by the chip-maker, notifying the relevant device vendors

High-risk security vulnerability has been discovered by cyber-security researchers in Qualcomm mobile chip responsible for cellular communication in nearly 40 per cent of the high-end phones offered by Google, Samsung, LG, Xiaomi and OnePlus.

The high-risk security vulnerability in Qualcomm mobile station modem (MSM), if exploited, would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones, granting them access to SMS messages and audio of phone conversations, according to Check Point Research.

According to the cyber-security firm, the high-risk security vulnerability also could have potentially allowed an attacker to unlock a mobile device’s SIM.

Qualcomm has confirmed the bug and fixed the issue and mobile players are notified, as per the researchers.

The high-risk security vulnerability has been classified as CVE-2020-11292 by the chip-maker, notifying the relevant device vendors.

A wide variety of chips are provided by Qualcomm that are embedded into devices making up over 40 per cent of the mobile phone market.

Providing capabilities for things like voice, SMS, and high-definition recording, mostly on higher-end devices, Qualcomm’s Mobile Station Modem is a system of chips, according to Counterpoint Research.

“Phone-makers can customise the chips so they do additional things like handle SIM unlock requests. The chips run in 31 per cent of the world’s smartphones”, as per figures from Counterpoint Research.

The Check Point team found that if a security researcher want to implement a modem debugger to explore the latest 5G code, the easiest way to do that is to exploit MSM data services through QMI so could a cybercriminal, of course.

“During our investigation, we discovered high-risk security vulnerability in a modem data service that can be used to control the modem and dynamically patch it from the application processor”, they said in a blog post on Thursday.

“This means an attacker could have used this high-risk security vulnerability to inject malicious code into the modem from Android, giving them access to the device user’s call history and SMS, as well as the ability to listen to the device user’s conversations”, they added.

A hacker can also exploit the high-risk security vulnerability to unlock the device’s SIM, thereby overcoming the limitations imposed by service providers on it.

“Mobile devices should always be updated to the latest version of the OS to protect against the exploitation of vulnerabilities. Only installing apps downloaded from official app stores reduces the probability of downloading and installing a mobile malware”, the researchers added.

In August 2020, Check Point Research found over 400 vulnerabilities on Qualcomm’s Snapdragon DSP (Digital Signal Processor) chip that threatened the usability of mobile phones.

Also read:Robots becoming an important part of the marketing industry

Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter

khushbu Soni CIO News Mercadeo
Khushbu Sonihttps://www.cionews.co.in
Chief Editor - CIO News | Founder & CEO - Mercadeo

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -1x1 banner1x1 banner1x1 banner1x1 banner

Most Popular

Fortinet Global Survey Uncovers Critical OT Security Challenges

93% of OT Organizations Experienced an Intrusion in Past 12 Months, and 78% Experienced More than Three Bangalore, India, June 27, 2022: Vishak Raman, Vice...

Advanced manufacturing and automation center opened by Ivy Tech

The Larry & Judy Garatoni Center for Advanced Manufacturing and Automation is the newest addition to the Ivy Tech Community College’s Elkhart County location A...

Drone tech lessons to be included in school syllabus

To increase industry players in the drone sector in the future, the Science, Technology and Innovation Minister said his ministry would work closely with...

Vi evaluating Metaverse opportunities

Deep engagement will be enabled by Metaverse in genres such as gaming, entertainment, retail, education, e-commerce, and social networking To enhance customer experience, Vodafone Idea...

Recent Comments