Security issue altered in Qualcomm mobile chip modems
By MYBRANDBOOK
Cyber security researchers have discovered a high-risk security vulnerability in Qualcomm mobile chip responsible for cellular communication in nearly 40 per cent of the high-end phones offered by Google, Samsung, LG, Xiaomi and OnePlus.
According to CheckPoint Research, if exploited, the vulnerability in Qualcomm mobile station modem (MSM) would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones, granting them access to SMS messages and audio of phone conversations. Vulnerability also could have potentially allowed an attacker to unlock a mobile device's SIM.
Qualcomm has confirmed the bug and fixed the issue and mobile players are notified. The chip-maker classified the high-rated vulnerability as CVE-2020-11292, notifying the relevant device vendors. Qualcomm provides a wide variety of chips that are embedded into devices that make up over 40 per cent of the mobile phone market.
According to Counterpoint Research, Qualcomm's Mobile Station Modem is a system of chips that provides capabilities for things like voice, SMS, and high-definition recording, mostly on higher-end devices.
The Check Point team found that if a security researcher wanted to implement a modem debugger to explore the latest 5G code, the easiest way to do that is to exploit MSM data services through QMI so could a cybercriminal, of course.
In a blog post they said, "During our investigation, we discovered a vulnerability in a modem data service that can be used to control the modem and dynamically patch it from the application processor. This means an attacker could have used this vulnerability to inject malicious code into the modem from Android, giving them access to the device user's call history and SMS, as well as the ability to listen to the device user's conversations.”
A hacker can also exploit the vulnerability to unlock the device's SIM, thereby overcoming the limitations imposed by service providers on it.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Icons Of India : Dr. Sanjay Bahl
Dr. Sanjay Bahl has around four decades of experience in the ICT indus...
ICONS OF INDIA : RAMESH NATRAJAN
Ramesh Natarajan, CEO of Redington Limited, on overcoming ‘technolog...
Icons Of India : Girish Mathrubootham
Girish Mathrubootham is the Founder of Freshworks (previously known ...
C-DAC - Centre for Development of Advanced Computing
C-DAC is uniquely positioned in the field of advanced computing...
IREDA - Indian Renewable Energy Development Agency Limited
IREDA is a specialized financial institution in India that facilitates...
NIC - National Informatics Centre
NIC serves as the primary IT solutions provider for the government of ...
Indian Tech Talent Excelling The Tech World - Aman Bhutani, CEO, GoDaddy
Aman Bhutani, the self-taught techie and CEO of GoDaddy, oversees a co...
Indian Tech Talent Excelling The Tech World - Anirudh Devgan , President, Cadence Design
Anirudh Devgan, the Global President and CEO of Cadence Design Systems...
Indian Tech Talent Excelling The Tech World - Sanjay Mehrotra, CEO- Micron Technology
Sanjay Mehrotra, the President and CEO of Micron Technology, is at the...