New flaw in Qualcomm chipsets puts 30% of all Android users at risk
Every now and then, we come across the news about chipset vulnerabilities. Well, adding to the list is a modem-based security flaw in Qualcomm chipsets that can be exploited simply by sending a well-crafted SMS. A research company in Israel discovered this flaw in the Qualcomm chipsets, which powers millions of phones worldwide.
Qualcomm chipset flaw:
Mobile System Modem (MSM) is a technology that has been found on Qualcomm chipsets since the 1990s. According to Check Point Research, exploiting this, hackers can target a mobile device simply by sending an SMS. And this has long been a subject of interest in security research.
Furthermore, MSM is still present in today’s Qualcomm chipsets including the latest 5G-ready ones. They are used by some of the world’s largest smartphone manufacturers such as Samsung, Xiaomi, OnePlus, Oppo, and others. According to the security company, up to 30% of all Android phones contain the Qualcomm modem software that contains this weakness.
Attackers only need to send a specially designed SMS to gain possession of the device; granting it permission to read messages, view the phone’s call history, and even unlock the SIM card. Devices that do not receive security patch fixes on a regular basis are on the radar of this flaw.
After the flaw was brought to light, a Qualcomm spokesperson confirmed that the company is aware of the issue and has already released a patch. Qualcomm representative reports to Tom’s Guide as “Qualcomm Technologies has already made fixes available to OEMs in December 2020, and we encourage end-users to update their devices as patches become available.”
However, the flaw’s catalog number, CVE-2020-11292, is not listed in any recent Android security bulletin. Even so, it is possible that Google used it in a previous security update without listing it in the bulletin. According to Qualcomm, the issue will be addressed publicly in the June 2021 security update. Thankfully, GSMArena has pointed out that Samsung has already patched this vulnerability in many of its Galaxy devices.
So, it is critical that practically every Android smartphone manufacturer push out an update fixing this issue ASAP. But unfortunately, we know not every OEM can or will do this. Only a handful of companies push updates on a regular basis. And regardless of any brand, this issue affects all Snapdragon-powered phones.
- Meanwhile, check out our long-term review of Samsung Galaxy A52.