As we all know, Android is not much secure as compare to Apple. But Google and Android developers giving their best efforts for improving their technology but there is always a chance of vulnerability.
After BLURtooth vulnerability, researchers have found a new vulnerability in Qualcomm Chips or Modems. These chips are integrated into millions of smartphones like Samsung, Google, Xiaomi, Sony, and LG phones etc.
Qualcomm Chips
The phones that are integrated with this modem provide all processing capabilities, device management, and all networking functions. The first of this kind of chip comes in 1990 and now it is present in almost 40% of smartphones. So, think this vulnerability would be present in all these phones.
Vulnerability of Qualcomm Chip
The Check Point Research firm identified that the Qualcomm chips have flaws of almost 400 last year and they have reported to Qualcomm company in October. They track this vulnerability as CVE-2020-11292 and they labeled it as “high rated vulnerability”.
According to Qualcomm Company, patches are sent to the smartphone makers at the end of 2020. And they have resolved the issues. Recently they again discovered new vulnerabilities. Slava Makkaveev Security Researcher of Check Point highlighted the security flaw in the Qualcomm Mobile Station Modem Interface which can be used to control the modem and dynamically patch in the application processor in his post on Blogspot.
How can attackers take advantage of this vulnerability?
Attackers can inject the malicious code or unlock the SIM or use an app installed in the system. Through these attacks, users’ SMS and call history can be accessed, as well as they can also listen to the conversations of phone calls. They can bypass the security of the device that is set by the Google and smartphone manufacturers.
How Check Point found the vulnerability?
Check Point Researchers used a process known as fuzzing on Mobile Station Modem(MSM) services to check if there any way to inject any malicious code to the Qualcomm real-time OS (QuRT).
The QuRT is responsible for managing MSM and it is made sure that is not accessible to even rooted Android devices. Through this process, they found vulnerabilities in the chip.
In end, we can say that the bug is resolved and the full disclosure of the bug to the public will be in the June Android Security Bulletin. But we don’t know that this issue is resolved or not so let us wait and see. Through these vulnerabilities of Android people also thinking that Apple phones are providing much security to their customers.
2 Comments
Pingback: New WiFi vulnerability leaves millions of devices open to 'frag attacks', here's how to be safe from them - Craffic
Pingback: 23 Android Apps exposed Personal Data of 100 million Android users - Craffic