Mobile Devices Contain A Chip With A Security Risk. A new, high severity vulnerability is in Qualcomm’s MSM (Mobile Station Modem) chips, including the company’s latest 5G-capable versions. The security issue could allow hackers to access a user’s call history, text messages, and even listen in on their conversations.
Unfortunately, given the ubiquity of these chips in today’s mobile devices, this flaw impacts some 40 percent of the phones in use today. That is including mobile devices offered by some of the biggest vendors on the market today, including, but not limited to LG, OnePlus, Google, and Samsung.
Researchers at Check Point discovered the vulnerability, which is tracking as CVE-2020-11292.
Yaniv Balmas, the head of Cyber Research at Check Point, had this to say about the issue:
“We ultimately proved a dangerous vulnerability did exist in these chips, revealing how an attacker could use the Android OS itself to inject malicious code into mobile phones, undetected.
Our research can hopefully open the door for other security researchers to assist Qualcomm and other vendors to create better and more secure chips, helping us foster better online protection and security for everyone.”
For their part, Qualcomm has acted quickly and responsibly. Qualcomm provide security updates with designs to address the flaw and make them available to all vendors using the chips in December 2020.
That means to the average end-user that if you have a newer device that’s still receiving regular system and security updates, you should be protected. However, that still leaves legions of cellphone users potentially vulnerable. For instance, according to industry data, some 19 percent of Android devices today are still running Android Pie (9.0), from August 2018, and about 9 percent are using Android 8.1 (Oreo), which was also from 2018.
If you’re one of the users still relying on these older versions, you’ll want to make sure to manually grab the latest update to be sure you’re protected.