Android users are being warned about a fresh attack on these popular smartphones that could allow hackers to view private text messages and even listen in on personal phone calls. Many of the most recent Android attacks have come via fake or malicious apps which, once downloaded, set about taking over devices. However, this new warning is much more concerning as it involves actual components tucked inside the device itself.
Security researchers at Check Point say they have discovered a flaw in a modem created by US tech giant Qualcomm. A whole host of devices including flagship phones from Samsung, OnePlus and Google use Qualcomm technology with this flaw thought to impact around 40 percent of the world’s Android handsets.
The vulnerability sits on Qualcomm’s Mobile Station Modems (MSM), a series of system on chips embedded in mobile devices which allows them to communicate with the web.
During its investigation, Check Point’s security team discovered a vulnerability in a modem data service that could be used to control it.
The flaw could allow attackers to inject malicious code straight into the modem itself giving them access to the device user’s call history and SMS messages. Even more worrying is that cybercriminals could even exploit the issue to listen to the user’s call conversations.
Check Point said it disclosed the information found in this investigation to Qualcomm, with the company confirming the issue and defining it as a high-rated vulnerability.
All manufacturers have now been informed of the glitch. That should mean the problem is now fixed but it’s worth making sure your Android device is fully updated with the latest security downloads.
“We commend the security researchers from Check Point for using industry-standard coordinated disclosure practices,” a Qualcomm spokesperson told BleepingComputer. “Qualcomm Technologies has already made fixes available to OEMs in December 2020, and we encourage end-users to update their devices as patches become available.”
Along with this report, Check Point has also released some information aimed at helping users stay safe with advice including:
• Mobile devices should always be updated to the latest version of the OS to protect against the exploitation of vulnerabilities.
• Only installing apps downloaded from official app stores reduces the probability of downloading and installing mobile malware.
• Enable ‘remote wipe’ capability on all mobile devices. All devices should have remote wipe enabled to minimize the probability of loss of sensitive data.
• Install a security solution on your device.
Published at Thu, 06 May 2021 16:08:54 +0000