Many Mobile Devices Contain A Chip With A Security Risk

May 21, 2021

Written by wukovits

Smart phone written with scrabble tiles

A new, high severity vulnerability has been found in Qualcomm’s MSM (Mobile Station Modem) chips, including the company’s latest 5G-capable versions. The security issue could allow hackers to access a user’s call history, text messages, and even listen in on their conversations.

Unfortunately, given the ubiquity of these chips in today’s smartphones, this flaw impacts some 40 percent of the phones in use today. That is including phones offered by some of the biggest vendors on the market today, including, but not limited to LG, OnePlus, Google, and Samsung.

Researchers at Check Point discovered the vulnerability, which is being tracked as CVE-2020-11292.

Yaniv Balmas, the head of Cyber Research at Check Point, had this to say about the issue:

We ultimately proved a dangerous vulnerability did in fact exist in these chips, revealing how an attacker could use the Android OS itself to inject malicious code into mobile phones, undetected.

Going forward, our research can hopefully open the door for other security researchers to assist Qualcomm and other vendors to create better and more secure chips, helping us foster better online protection and security for everyone.”

For their part, Qualcomm has acted quickly and responsibly. They have been providing security updates designed to address the flaw, and making them available to all vendors using the chips in December 2020.

What that means to the average end user is that if you have a newer device that’s still receiving regular system and security updates, you should be protected. However that still leaves legions of cellphone users potentially vulnerable. For instance, according to industry data, some 19 percent of Android devices in use today are still running Android Pie (9.0), which was released in August 2018, and about 9 percent are using Android 8.1 (Oreo), which was released in 2018.

If you’re one of the users still relying on these older versions, you’ll want to make sure to manually grab the latest update to be sure you’re protected.

Used with permission from Article Aggregator

Related Articles

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to...

Update VMWare Software Immediately To Avoid Possible Attack

The US Cybersecurity and Infrastructure Security Agency recently issued a warning to all companies running VMware Vcenter Server and VMware Cloud Foundation. They are asking them to download and apply the latest security patches as soon as possible because attackers...

Send us a message

Your message was sent.

Thank you for contacting Bayou Technologies. We'll be in touch soon!

Need help? support-icon