The vulnerability sits on Qualcomm’s Mobile Station Modems (MSM), a series of system on chips embedded in mobile devices which allows them to communicate with the web.
During its investigation, Check Point’s security team discovered a vulnerability in a modem data service that could be used to control it.
The flaw could allow attackers to inject malicious code straight into the modem itself giving them access to the device user’s call history and SMS messages. Even more worrying is that cybercriminals could even exploit the issue to listen to the user’s call conversations.
All manufacturers have now been informed of the glitch. That should mean the problem is now fixed but it’s worth making sure your Android device is fully updated with the latest security downloads.
“We commend the security researchers from Check Point for using industry-standard coordinated disclosure practices,” a Qualcomm spokesperson told BleepingComputer. “Qualcomm Technologies has already made fixes available to OEMs in December 2020, and we encourage end-users to update their devices as patches become available.”
• Mobile devices should always be updated to the latest version of the OS to protect against the exploitation of vulnerabilities.
• Only installing apps downloaded from official app stores reduces the probability of downloading and installing mobile malware.
• Enable ‘remote wipe’ capability on all mobile devices. All devices should have remote wipe enabled to minimize the probability of loss of sensitive data.
• Install a security solution on your device.
This post originally appeared on Daily Express :: Tech Feed