A big threat is looming over millions of phones.
Through firmware bug in Qualcomm modem, attacker can install any spyware in user’s phone which is used in cyber espionage nowadays, that too without your knowledge.
A Check Point Research report has found a bug in connectivity with the modem in Qualcomm powered phones, putting all Android phones running on this system on chip (SOC) at risk of cyber or phishing attacks. In this report, a new flaw in the Qualcomm mobile station modem infrastructure has been uncovered by Check Point Research. According to the Cyber Security Organization, Qualcomm Modem Interface (QMI) software, which was a critical security bug in this firmware debugger and updater service, could bypass standard security and verification systems.
It is normal for any software to have a bug, but which module the bug is in makes that bug important. If the bug is in the authentication or verification module of the software, then through this bug the cyber attacker can gain root level access to the software. That is why the impact of such bugs is also serious. In such a situation, due to such a flaw in the System on Chip (SoC), the hacker can listen to the things happening on your phone.
Can record your calls, retrieve call logs and message logs, and even lock and unlock your SIM. Through a firmware bug in a Qualcomm modem, an attacker can install spyware on a user’s phone. Which is useful in cyber espionage nowadays, that too without your knowledge.
Even before this, a bug was revealed by Check Point in August 2020, that bug was also very serious. This bug gave attackers access to photos, videos, GPS data and microphone along with recording phone calls. This time, Qualcomm claims that it is already aware of this bug and has released its fix patch.
However, XDA Developers says that none of the patches rolled out on Google are featured for bug CVE-2020-11292. To clarify this, a Qualcomm spokesperson reportedly told XDA that the patch will be a feature in Google’s June security update. About 40 percent of Android devices are affected by this bug of Qualcomm and the largest number of them are smartphones, and all the devices are at heavy security risk due to this bug.