According to Israeli security firm Check Point Research, A bug in Qualcomm’s Mobile Station Modem has been detected, affecting millions of Android phones worldwide. Hackers may exploit the bug to read your text messages, listen in on phone calls, and, in some cases, unlock your SIM card. According to Check Point, the Mobile Station Modem has been an important part of Qualcomm’s chip since the early 1990s and is now present in some of the more recent 5G chipsets.
The bug has been detected on some of the most recent phones from Xiaomi, Google, LG, Samsung, OnePlus, among others. This suggests that it could influence the vast majority of Android smartphones globally. Qualcomm told Tom’s Guide that it has issued a patch for the bug to smartphone manufacturers, but it could be some time before other consumers’ phones receive the fix. According to the research company, up to 30% of all Android phones contain vulnerable Qualcomm modem software.
According to the analysis, hackers will use the loophole to “inject malicious code into the modem from Android, giving the intruder access to the user’s call history and SMS, as well as the opportunity to listen in on the user’s conversations.” As previously said, attackers will use the flaw to unlock the SIM card and circumvent any limits imposed by service providers.
Qualcomm is aware of the flaw and has already released a patch. A spokesperson for the San Diego chipset manufacturer said in a statement: “Qualcomm Technologies has already made fixes available to OEMs in December 2020, and we encourage end-users to update their devices as patches become available.”
However, the vulnerability’s catalog number — CVE-2020-11292 — has not been found in any Android updates released since 2020, although Google could have included it in a security update without listing it in the bulletin. A Qualcomm representative stated that the issue would be addressed in the June 2021 security update.