A Newly Detected Qualcomm Vulnerability Affects Almost One In Three Phones

Source: Ars Technica A Newly Detected Qualcomm Vulnerability Affects Almost One In Three Phones

Oh Jeez …

There is a flaw in Qualcomm’s Mobile Station Modem, a component in a vast number of Android phones from Google, Samsung, LG, Xiaomi, and OnePlus.  The vulnerability is not in just one chip, the effected system handles a variety of tasks including voice, SMS, SIM unlocking and even some high-definition recording.  This made the fix somewhat complex, while Qualcomm provided fixes to the companies back in December but as of yet those companies are not pushing it out to devices.  The good news is that it will be part of the public June Android bulletin which should help with distribution.

The vulnerability is a heap overflow, which a malicious app could take advantage of to access the Qualcomm Mobile Station Modem and inject code into it.  Unfortunately for users this code could well be undetectable and remain even after the malicious app was uninstalled.  Once the code is running it would allow the attacker almost complete access to the microphone on the device, access to texts and could well even let them unlock the SIM to get around any limits your provider applies to their service.

Keep an eye out for updates, and install them as soon as you can since it is not clear which models can fall victim to this attack, nor which are already patched.

Makers of high-end Android devices are responding to the discovery of a Qualcomm chip flaw that researchers say could be exploited to partially backdoor about a third of the world’s smartphones.

Video News

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!