An Estimated 30% of All Smartphones Vulnerable To New Qualcomm Bug
Thursday May 6, 2021. 04:41 PM , from Slashdot
Around a third of all smartphones in the world are believed to be affected by a new vulnerability in a Qualcomm modem component that can grant attackers access to the device's call and SMS history and even audio conversations. From a report: The vulnerability -- tracked as CVE-2020-11292 -- resides in the Qualcomm mobile station modem (MSM), a chip that allows devices to connect to mobile networks. First designed in the early 90s, the chip has been updated across the years to support 2G, 3G, 4G, and 5G cellular communications and has slowly become one of the world's most ubiquitous technologies, especially with smartphone vendors.
Devices that use Qualcomm MSM chips today include high-end smartphone models sold by Google, Samsung, LG, Xiaomi, and OnePlus, just to name a few. But in a report published today by Israeli security firm Check Point, the company said its researchers found a vulnerability in Qualcomm MSM Interface (QMI), the protocol that allows the chip to communicate with the smartphone's operating system. Researches said that malformed Type-Length-Value (TLV) packets received by the MSM component via the QMI interface could trigger a memory corruption (buffer overflow) that can allow attackers to run their own code.
Read more of this story at Slashdot.
Aug, Mon 2 - 17:19 CEST