Qualcomm vulnerability allows listening to conversations on a third of the world's smartphones

Qualcomm vulnerability allows listening to conversations on a third of the world's smartphones

A very serious security vulnerability has been discovered in some Qualcomm chips. It would allow potential attackers to access important personal information of users and listen to their conversations, all in a way that is virtually impossible to detect. The percentage of vulnerable smartphones is dangerously high!

Photo credit - depositphotos .com The vulnerability was discovered by the security experts at Check Point Research and would affect all smartphones using the Qualcomm Mobile Station Modem communication system. The so-called System on a Chip (SoC) allows smartphones to manage calls, SMS, high-quality audio recording and, more generally, is the beating heart of some of the high-end smartphones produced by Google, Xiaomi , Oppo, Samsung, OnePlus, LG and many more.

According to the statistics of Counterpoint Research, included in the report of the company that discovered this vulnerability, 31% of smartphones in the world use Qualcomm's chips .

The vulnerability known as CVE-2020-11292 would be based on a heap overflow problem and could easily be exploited by a malicious app installed on affected smartphones, which would be able to infect the MSM with malicious code. The code, which is virtually impossible to identify, may therefore be able to tap into some of the most important functions of smartphones.

“This means that an attacker could have used this vulnerability to inject malicious code into the modem from Android, gaining access to the device user's call history and SMS, as well as the ability to listen to conversations device user, ”the researchers write. “A hacker can also exploit the vulnerability to unlock the device's SIM, thus overcoming the limitations imposed by service providers on it.”

Check Point representative Ekram Ahmed told Ars Technica colleagues that Qualcomm has already sent a patch to all of its customers using these chips. Like every time we talk about security vulnerabilities or bugs in Android smartphones, however, it remains to be actually seen which smartphones will be updated accordingly and especially when.

“In our experience, the implementation of these fixes requires time, so some of the phones may still be subject to the threat, ”Ekram Ahmed wrote in an email. “As a result, we have decided not to share all the technical details, as it would give hackers a guide on how to orchestrate an attack.”

The new Galaxy A 2021 has arrived! Galaxy A52 features power and a whole new camera, including an IP67 certification. You can buy it here at the best price.