viralamo

Menu
  • Technology
  • Science
  • Money
  • Culturs
  • Trending
  • Video

Subscribe To Our Website To Receive The Last Stories

Join Us Now For Free
Home
Technology
Fix for critical Qualcomm chip flaw is making its way to Android devices
Technology

Fix for critical Qualcomm chip flaw is making its way to Android devices

06/05/2021

Fix for critical Qualcomm chip flaw is making its way to Android devices

Getty Images

Makers of high-end Android devices are responding to the discovery of a Qualcomm chip flaw that researchers say could be exploited to partially backdoor about a third of the world’s smartphones.

The vulnerability, discovered by researchers from security firm Check Point Research, resides in Qualcomm’s Mobile Station Modem, a system of chips that provides capabilities for things like voice, SMS, and high-definition recording, mostly on higher-end devices made by Google, Samsung, LG, Xiaomi, and OnePlus. Phone-makers can customize the chips so they do additional things like handle SIM unlock requests. The chips run in 31 percent of the world’s smartphones, according to figures from Counterpoint Research.

The heap overflow the researchers found can be exploited by a malicious app installed on the phone, and from there the app can plant malicious code inside the MSM, Check Point researchers said in a blog post published Thursday. The nearly undetectable code might then be able to tap into some of a phone’s most vital functions.

“This means an attacker could have used this vulnerability to inject malicious code into the modem from Android, giving them access to the device user’s call history and SMS, as well as the ability to listen to the device user’s conversations,” the researchers wrote. “A hacker can also exploit the vulnerability to unlock the device’s SIM, thereby overcoming the limitations imposed by service providers on it.”

Advertisement

Fixes take time

Check Point spokesman Ekram Ahmed told me that Qualcomm has released a patch and disclosed the bug to all customers who use the chip. Because of the intricacies involved, it’s not yet clear which vulnerable Android devices are fixed and which ones aren’t.

“From our experience, the implementation of these fixes takes time, so some of the phones may still be prone to the threat,” he wrote in an email. “Accordingly, we decided not to share all the technical details, as it would give hackers a roadmap on how to orchestrate an exploitation.”

Qualcomm representatives weren’t available on Wednesday evening to answer questions.

The vulnerability is tracked as CVE-2020-11292. Check Point discovered it by using a process known as fuzzing, which exposed the chip system to unusual inputs in an attempt to find bugs in the firmware. Thursday’s research provides a deep dive into the inner workings of the chip system and the general outline they used to exploit the vulnerability.

The research is a reminder that phones and other modern-day computing devices are actually a collection of dozens if not hundreds of interconnected computing devices. While successfully infecting individual chips typically requires nation-state-level hacking resources, the feat would allow an attacker to run malware that couldn’t be detected without time and money.

“We believe this research to be a potential leap in the very popular area of mobile chip research,” Check Point researchers wrote. “Our hope is that our findings will pave the way for a much easier inspection of the modem code by security researchers, a task that is notoriously hard to do today.”

Source link

Share
Tweet
Pinterest
Linkedin
Stumble
Google+
Email
Prev Article
Next Article

Related Articles

This time, for sure! Ars Technica’s 2020 Deathwatch
Enlarge / If your company makes the Ars Deathwatch, there …

This time, for sure! Ars Technica’s 2020 Deathwatch

Intuition Robotics raises $36 million to bring AI companions to everyone
Israeli robotics startup Intuition Robotics has raised $36 million in a …

Intuition Robotics raises $36 million to bring AI companions to everyone

Leave a Reply Cancel reply

Find us on Facebook

Related Posts

  • Uber drivers sue for data on secret profiling and automated decision-making
    Uber drivers union asks EU court to …
    26/10/2020
  • Researchers design virtual environment to spur development of helpful home robots
    Researchers design virtual environment to spur development …
    25/10/2020
  • Analogue Pocket questions answered: Sleep mode, scaling, and more
    Analogue Pocket questions answered: Sleep mode, scaling, …
    27/07/2020
  • The RetroBeat: — Ratchet & Clank Future: A Crack in Time is the franchise at its best
    The RetroBeat: — Ratchet & Clank Future: …
    29/08/2020
  • T-Mobile’s mid band 5G is too rare, but fairly fast if you find it
    T-Mobile’s mid band 5G is too rare, …
    30/10/2020

Popular Posts

  • Nvidia hid how many GPUs it was selling to cryptocurrency miners, says SEC
    Crypto-driven GPU crash makes Nvidia miss Q2 …
    08/08/2022 0
  • 10 Most Successful Infomercials Ever – Listverse
    11/07/2022 0
  • 10 Menu Hacks from Your Favorite Fast …
    12/07/2022 0
  • 10 Artistic Masterpieces Created Super Fast – …
    12/07/2022 0
  • Russian ‘hacktivists’ are causing trouble far beyond Ukraine
    Russian ‘hacktivists’ are causing trouble far beyond …
    12/07/2022 0

viralamo

Pages

  • Contact Us
  • Privacy Policy
Copyright © 2022 viralamo
Theme by MyThemeShop.com

Ad Blocker Detected

Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by disabling your ad blocker.

Refresh