Security News > 2021 > May > New Qualcomm Chip Bug Could Let Hackers Spy On Android Devices

New Qualcomm Chip Bug Could Let Hackers Spy On Android Devices
2021-05-10 05:41

Cybersecurity researchers have disclosed a new security vulnerability in Qualcomm's mobile station modems that could potentially allow an attacker to leverage the underlying Android operating system to slip malicious code into mobile phones, undetected.

Designed since the 1990s, Qualcomm MSM chips allows mobile phones to connect to cellular networks and allow Android to take to the chip's processor via the Qualcomm MSM Interface, a proprietary protocol that enables the communication between the software components in the MSM and other peripheral subsystems on the device such as cameras and fingerprint scanners.

While 40% of all smartphones today, including those from Google, Samsung, LG, Xiaomi, and One Plus, use a Qualcomm MSM chip, an estimated 30% of the devices come with QMI in them, according to research from Counterpoint.

"Qualcomm Technologies has already made fixes available to OEMs in December 2020, and we encourage end users to update their devices as patches become available." The company also said it intends to include CVE-2020-11292 in the public Android bulletin for June.

"Samsung Android devices with Qualcomm chipset are affected by the vulnerability disclosed by Check Point, and Samsung has been releasing patches for affected select Samsung devices since January of 2021," the company said.

"While a number of Samsung devices have already been patched starting in January of 2021, most Samsung devices with an Android Security Patch Level of May 1, 2021 or later, will be considered protected from the disclosed vulnerability."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/Qdgjr8ezy4I/new-qualcomm-chip-bug-could-let-hackers.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-06-09 CVE-2020-11292 Classic Buffer Overflow vulnerability in Qualcomm products
Possible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice API in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-120
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Qualcomm 2226 0 255 1139 510 1904