Snapdragon chip flaw puts Android users at risk of data theft

A flaw in Qualcomm's modem chips could allow an attacker to access sensitive information like call and SMS history


According to research published by Check Point, nearly 40 percent of the world’s Android devices currently have a vulnerability that could grant hackers access to SMS messages and phone conversations.

Check Point found the flaw in Qualcomm’s Mobile Station Modem (MSM) and in Android’s ability to communicate with the MSM through the Qualcomm MSM Interface (QMI). Qualcomm’s MSM is a series of chips used to connect to 2G, 3G, 4G and 5G systems.

Attackers could use Android itself to inject malicious code, while apps could use the vulnerability to hide their activity within the modem and effectively make it invisible to security features Android uses to detect malicious activity.

Once an attacker has access, they could view the users’ SMS history, call history, and even listen in on real-time conversations. Hackers could also use the exploit to unlock a device’s SIM card.

Check Point notes that Qualcomm confirmed the issue, defined it as a high-rated vulnerability and recorded it as CVE-2020-11292. Bleeping Computer notes that Qualcomm made security patches available to vendors in December 2020, although it does not appear to have made it into a monthly Android security patch yet.

Here are a few tips based on Check Point’s recommendations to keep your device safe:

  1. Always run the latest version of the OS to protect your device against vulnerabilities and exploits.
  2. Always install apps from official app stores or other credible sources.
  3. To reduce the possibility of sensitive data loss, all your devices should have remote wipe enabled.
  4. Install an anti-virus software on all of your devices, such as CIRA Canadian Shield.

Source: Check Point, Bleeping Computer