Serious Android flaw threatens hundreds of millions of users — what to do
A deep-rooted flaw in Qualcomm chips threatens hundreds of millions of Android phones.
The news comes from Israeli security firm Check Point in a new report. The security firm says hackers could use the flaw to read your text messages, listen to your phone conversations and in some cases even unlock your SIM card. Qualcomm told Tom's Guide that it has released a fix for the flaw to handset makers, but it may still be some time before many handset makers push the fix out to most users' phones.
The vulnerability lies in the Mobile Station Modem (i.e., a cellular modem), which dates back to 1990 and is still present in the integrated chipsets of the latest 5G-enabled phones, Check Point says.
Check Point estimates that up to 30% of Android phones worldwide, including top models made by Samsung, Google, Xiaomi, LG and OnePlus, have the Qualcomm modem software that includes this vulnerability. Other top makers using Qualcomm chips include Asus, Sony and ZTE.
Apple devices or Android phones that use chipsets by other manufacturers are not affected.
What can you do about this Qualcomm flaw?
There's not much you can do to fix this problem yourself other than to install system updates as they come. Check Point suggests that while you wait for a fix, you should follow the standard Android best practices: Avoid app stores other than Google Play, and run one of the best Android antivirus apps.
"Qualcomm Technologies has already made fixes available to OEMs in December 2020, and we encourage end users to update their devices as patches become available," a Qualcomm representative told us.
The catalog number assigned to this flaw, CVE-2020-11292, is not mentioned in any recent Android security bulletin, including the May Android security bulletin released three days ago. It's possible Google has quietly patched it in secret, although there are plenty of other "closed-source components" in each month's updates.
A Qualcomm representative told Tom's Guide that the fix would be publicly included in the June Android security bulletin next month.
The Qualcomm representative added that Check Point's attack scenario seems kind of pointless because it would involve breaching Android security first. That would already give the attacker the same kind of information about texts and calls that could be gleaned from breaking into the MSM modem afterward.
Because each handset maker crafts its own updates for each model, it's possible that manufacturers such as Samsung or Sony may have bundled the fix for CVE-2020-11292 into their own updates.
"We do not know who patched or not," a Check Point representative told Tom's Guide. "From our experience, the implementation of these fixes takes time, so many of the phones are likely still prone to the threat."
So if your Qualcomm-using phone has not had a system update since November 2020, it's a safe bet that your phone has not been patched against this flaw. If it has had an update since then, then it may have been patched.
Technical details still under wraps
On the upside, there have been no reports of bad guys exploiting this flaw in the wild. Check Point has left out several of the technical details of the vulnerability so that readers of its report won't be able to try it themselves.
Qualcomm's modems are pretty hard to successfully attack from the network side, Check Point said. So the Israeli company's researchers took the opposite approach and found they could hack into the modems from the Android operating system itself.
They were able to inject malicious code into the Qualcomm MSM Interface (QMI), which Check Point described as "a proprietary protocol that enables communication between the software components in the MSM and other peripheral subsystems on the device such as cameras and fingerprint scanners."
That injected code could let the attackers, or Android malware, read call logs and SMS text messages, and eavesdrop on phone calls. Depending on the handset manufacturer, who can add additional capabilities to QMI, the flaw could also let attackers unlock the phone's SIM card.
Android malware could even use the modem as a place to "hide" from Android's security scanners or Android antivirus software, because it would have access to the modem's low-level processes.
Check Point notified Qualcomm of this flaw in October 2020, and told the chip maker that it would be making the flaw public in April 2021. It's not clear why Check Point waited until a few days into May.
Source: https://www.tomsguide.com/news/qualcomm-modem-flaw
Posted by: ricepubjessere.blogspot.com
