silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,165
A high severity security vulnerability found in Qualcomm's Mobile Station Modem (MSM) chips (including the latest 5G-capable versions) could enable attackers to access mobile phone users' text messages, call history, and listen in on their conversations.
Qualcomm MSM is a series of 2G, 3G, 4G, and 5G capable system on chips (SoCs) used in roughly 40% of mobile phones by multiple vendors, including Samsung, Google, LG, OnePlus, and Xiaomi.
"If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones," according to Check Point researchers who found the vulnerability tracked as CVE-2020-11292.
After receiving Check Point's report, Qualcomm developed security updates to address the CVE-2020-11292 security issue and made them available to all impacted vendors two months later, in December 2020.
"Providing technologies that support robust security and privacy is a priority for Qualcomm," a Qualcomm spokesperson told BleepingComputer.
"We commend the security researchers from Check Point for using industry-standard coordinated disclosure practices.
"Qualcomm Technologies has already made fixes available to OEMs in December 2020, and we encourage end-users to update their devices as patches become available."
Qualcomm vulnerability impacts nearly 40% of all mobile phones
A high severity security vulnerability found in Qualcomm's Mobile Station Modem (MSM) chips (including the latest 5G-capable versions) could enable attackers to access mobile phone users' text messages, call history, and listen in on their conversations.
www.bleepingcomputer.com