Tuesday, April 16, 2024

The new vulnerability could allow hackers to listen to conversations on millions of Android phones



Google and other Android manufacturers work, with varying degrees of intensity, to keep their hardware and software secure.

But the vulnerability in the widely used Qualcomm SoCs discovered today by Check Point Research is particularly alarming. Theoretically, it could allow a malicious application to access software for Qualcomm’s MSM modem chips, giving it access to call and text history or even the ability to record conversations.

Check Point's overview of the problems is extremely technical. In layman's terms, vulnerabilities have been found in the links between the Qualcomm Modem Interface (QMI) modem software layer and the debugging service, allowing software to be dynamically patched and common security mechanisms to be bypassed.




Standard standalone apps do not have the privileges needed to access QMI, but if more critical parts of Android were compromised, this attack could be used.

Beyond the vulnerabilities themselves, the researchers found that a malicious application could eavesdrop on and record an active phone call, obtain call and SMS records, or even unlock the SIM card. Check Point estimates that the vulnerable QMI software is present in about 40% of smartphones, from manufacturers including Samsung, Google, LG, OnePlus, Xiaomi and others.




Although the methods for this attack have been described extensively, certain necessary information has been omitted from the report to prevent anyone from easily duplicating the procedure. For now, there is no indication that this method of attack is actually used.

Qualcomm has been aware of this problem since Check Point Research (CPR) discovered it in October last year. It confirmed the issue as a high-rated vulnerability and passed it on to the Android manufacturers that use its modems. At the time of writing, the vulnerability has not been fixed, but it is assumed that both Qualcomm and Google are working to incorporate a fix into a future security patch.





