techno.rentetan.com – A recent vulnerability could be exploited within Qualcomm’s produced telephone chips to allow the user to snoop on callers and text messages to gain access.
The bug that was discovered and revealed on a whopping 30 percent of the world’s phones by the security firm Check Point Research. Qualcomm agreements with major Android phone vendors such as Samsung, Google, Xiamoi, LG, and others to provide chips to millions of devices around the globe.
Researchers say that some 40 per cent of the world’s telephone population has vulnerable chips, but only (“only”) about 30% of telephones worldwide are fitted with a specific interface, the Qualcomm MSM (QMI).
The hardware affected, i.e. the Mobile Station (MSM) modem, is a chip-to-chip system that provides the capacity of most important telephone components. The attack theorized with Check Point would require access to a targeted device’s operating system, but access could be easily carried out using a malicious Trojan app or any other method that would allow an attacker’s sudden entry.
Once an attacker is inside, it can inject malicious code into the modem, the researchers write. Such an attack would hijack the QMI phone, the protocol for communicating between the various software components in the MSM. Such use could provide access to text messages and call history and allow a hacker to listen to user calls. Sometimes, researchers write, they could also access the contents of a SIM card.
“Often cellular modem chips are seen by cyber-attackers as the crown gems, in particular Qualcomm’s chips,” says Yaniv Balmas, Check-Head point’s of Cyber Research. “An assault on the chips in Qualcomm’s modem could affect 100 million mobile phones worldwide negatively. We eventually found that there was a dangerous vulnerability on those chips, which showed how a malicious code could be injected into mobile telephones with the Android OS itself, not detectable,” Balmas said. “My key message is to upgrade your mobile OS to the latest OS.”
The new research led to an official classification of vulnerability that can be found here. Sadly, not all patches for it are yet 100 percent clear. It is not yet 100 percent clear. The industrial patching system operates somewhat trickle-down, with a large distributor like Qualcomm updating, followed by telephone manufacturers that have their own solutions. It is not clear which or how many phone companies have done it yet, according to a report from The Record.
The representative from Check Point told The Record that “Mobile vendors must apply the fix themselves. “Qualcomm says all Android vendors were notified. Who or who didn’t patch is not known.” A spokesman for Qualcomm apparently told Ars Technica that he would recommend that consumers contact their telephone manufacturer in order to understand the patch status of their device.