Discovered at the end of last year, a flaw in a component present in Qualcomm’s Snapdragon SoCs could affect up to 40% of mobiles released between 2007 and 2018. It concerns the modem of Android smartphones and could allow access the data.
There are 3 billion users ofon the planet. Among these mobiles, 40% are powered by chips from the American founder Qualcomm. We thus find its very high-end on premium smartphones, such as from , the from the range and among the star models of the Chinese Xiaomi and , for example.
With such a presence, the slightest vulnerability of these chips can affect as many users as possible. And precisely, the “Research” entity of the Israeli cybersecurity company CheckPoint, has just published ain which it reveals that its researchers discovered, at the end of 2020, a big flaw in the modems of the SoC . Known as mobile station modems (MSM), this type of modem has been around almost since the early days of mobile telephony. It also supports voice communications, SMS, 4G LTE and .
If you have an Android smartphone released between 2007 and 2018, the probability that it is affected by this flaw is high.
However, this modem has always been targeted by hackers because it represents an ideal entry point to access mobile data. With a breach, a simple SMS, or a packet of data exchanged with the device, could make it possible to take control of it. Because it must be added that, with Android, the system can communicate with this MSM chip and all of the phone’s peripherals, such as cameras,imprint , etc. If you have an Android smartphone released between 2007 and 2018, the probability that it is affected by this flaw is high.
A discreet and formidable takeover
To communicate, Android uses an MSM chip management interface called QMI and developed by Qualcomm. However, it is she who presents theand the researchers discovered that the hackers could very well exploit this flaw to reprogram the modem by injecting it with malicious code. With this subterfuge, the hacker can then access the call history and SMS of the user of the device as well as listen to the conversations of the latter. He can also exploit this vulnerability to unlock the and thus bypass the limitations imposed on it by service providers. All in a totally undetectable way.
A priori, this vulnerability has not yet been exploited and CheckPoint alerted Qualcomm who immediately created a patch to close the breach. All the mobile phone suppliers have also been informed and all that remains is to wait for the updates to be deployed and, above all, to apply them. It remains to be seen whether they will offer the patch on the old models. Anyway, on his, the security company does not disclose the details of attack techniques to give vendors some time to implement a fix.
This is not the first time that a flaw has affected elements of Qualcomm’s Snapdragon SoC. Last summer Check Point Research had already discovered more than 400 vulnerabilities on the chip(Digital Signal Processor) of Qualcomm, in other words, the chip that processes certain operations on the smartphone in order to lighten the tasks of the related to audio and video streams, and reduce the consumption of . In any case, it is better to check today if any updates are available from the settings of the smartphone.
What you must remember
- Modems integrated into the Snapdragon SoCs of Android smartphones suffer from a flaw.
- The vulnerability could result in the collection of personal data by a hacker.
- Sometimes you have to wait for the operators to deliver the updates.