You can use Qualcomm chips to record calls |
Qualcomm's chip is defective and threatens hundreds of millions of Android phones, according to a report by security firm Check Point.
The report states that hackers can use this vulnerability to read your text messages, eavesdrop on phone calls, and in some cases even unlock your SIM card.
Qualcomm said it has released bug fixes that cell phone manufacturers have encountered, but many cell phone manufacturers may take some time to fix cell phones for most people.
The loophole lies in the MSM cellular modem, which dates back to the early 1990s and is used in 2G, 3G, 4G, and even 5G devices.
Check Point estimates that up to 30% of Android phones worldwide (including top models from Samsung, Google, and Xiaomi) have Qualcomm modem software that contains this vulnerability.
Apple devices or Android phones using chipsets from other manufacturers are not affected.
There is no way to fix this problem yourself other than to install a system update right away.
Check Point recommends that you follow standard Android best practices while waiting for an update, including avoiding using app stores other than the Google Play Store and running antivirus apps for Android.
A representative of the chip manufacturer said, Qualcomm offered repair services to the manufacturer in December 2020, and we encourage users to update their devices when repairs are available.
No recent Android security bulletin (including the May security bulletin published a few days ago) mentioned this CVE-2020-11292 vulnerability.
A Qualcomm representative said: The update was publicly included in the June Android Security Bulletin.
He added: The Check Point attack scheme appears to be unnecessary because it initially includes an Android security hack that provides the attacker with the same text and contact information that can then be obtained by breaking into an MSM modem.
Check Point said: In our experience, these fixes take time to implement, so many phones can still be hacked.
This vulnerability has not been reported, and Check Point ignores many technical details of the vulnerability so that readers of this report cannot test it for themselves.
Check Point said that it is extremely difficult to successfully attack Qualcomm modems from the network side. Hence, we took the opposite method and found that the modem can be hacked by the Android OS itself.
Check Point reported the defect to Qualcomm in October 2020 and told the chip's manufacturer that it would announce the defect in April 2021.