blog

Many Mobile Devices Contain A Chip With A Security Risk

Written by Securafy Team | May 21, 2021 3:00:00 PM

A new, high severity vulnerability has been found in Qualcomm's MSM (Mobile Station Modem) chips, including the company's latest 5G-capable versions. The security issue could allow hackers to access a user's call history, text messages, and even listen in on their conversations.

Unfortunately, given the ubiquity of these chips in today's smartphones, this flaw impacts some 40 percent of the phones in use today. That is including phones offered by some of the biggest vendors on the market today, including, but not limited to LG, OnePlus, Google, and Samsung.

Researchers at Check Point discovered the vulnerability, which is being tracked as CVE-2020-11292.

Yaniv Balmas, the head of Cyber Research at Check Point, had this to say about the issue:

"We ultimately proved a dangerous vulnerability did in fact exist in these chips, revealing how an attacker could use the Android OS itself to inject malicious code into mobile phones, undetected.

Going forward, our research can hopefully open the door for other security researchers to assist Qualcomm and other vendors to create better and more secure chips, helping us foster better online protection and security for everyone."

For their part, Qualcomm has acted quickly and responsibly. They have been providing security updates designed to address the flaw, and making them available to all vendors using the chips in December 2020.

What that means to the average end user is that if you have a newer device that's still receiving regular system and security updates, you should be protected. However that still leaves legions of cellphone users potentially vulnerable. For instance, according to industry data, some 19 percent of Android devices in use today are still running Android Pie (9.0), which was released in August 2018, and about 9 percent are using Android 8.1 (Oreo), which was released in 2018.

If you're one of the users still relying on these older versions, you'll want to make sure to manually grab the latest update to be sure you're protected.