According to the latest sources, the latest bug has been discovered in the Qualcomm chips that have the potential of affecting 30 percent of all Android phones in the world. Security researchers indicate that the vulnerability in the 5G modem data service allows hackers to remotely target Android users, inject malicious code in a phone’s modem, and gain the ability to execute code.
According to Check Point Research, the bug (CVE-2020-11292) exists in the Qualcomm Mobile Station Modem (MSM) Interface. MSM are the SoCs developed by Qualcomm and the QMI is a proprietary protocol that allows a modem’s software components and other subsystems to communicate with each other. And the devastating news is that the MSMs have been used in the 2G era and an impending bug could cause devastating damage.
The security research firm stated that QMI is used in around 30 percent of the world’s smartphones, and hackers can attack the device remotely using a trojanized Android application.
“The vector involves a target installing a malicious application. Assuming a malicious application is running on the phone, it can use this vulnerability to ‘hide’ itself within the modem chip, making it invisible in terms of all security measures on phones today.”
The security firm has restrained itself from sharing any more details about the bugs as it fears that it could allow the hackers to exploit all those devices using the information it posted. Upon further investigation, the security researchers attempted to attack the chip from within the phone itself and discovered that the vulnerability can ‘unlock’ a phone that is carrier locked by playing around with the modem.
Sources indicate that Qualcomm is well aware of the problem and has issued a fix, however, it is being reported that the fix will take time to reach the customers. The reason behind this being that vendors like Samsung, Xiaomi, OnePlus, and others will have to apply the fix for its customers themselves through a routine security update. And we are well aware as to how much time it takes for the OEMs to deliver their security updates, I am still waiting for mine by the Asus, you hearing me damn it!
“Qualcomm says it has notified all Android vendors, and we spoke to a few of them ourselves. We do not know who was patched or not. From our experience, the implementation of these fixes takes time, so many of the phones are likely still prone to the threat.”