{"id":243869,"date":"2021-05-06T21:17:43","date_gmt":"2021-05-06T18:17:43","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/qualcomm-is-patching-a-critical-bug-on-android-review-geek\/"},"modified":"2021-05-06T21:17:43","modified_gmt":"2021-05-06T18:17:43","slug":"qualcomm-is-patching-a-critical-bug-on-android-review-geek","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/qualcomm-is-patching-a-critical-bug-on-android-review-geek\/","title":{"rendered":"#Qualcomm is Patching a Critical Bug on Android \u2013 Review Geek"},"content":{"rendered":"

“#Qualcomm is Patching a Critical Bug on Android \u2013 Review Geek”<\/strong><\/p>\n

\n
\"Qualcomm
rafapress\/Shutterstock.com<\/a><\/span><\/figcaption><\/figure>\n

Recently, a critical chip flaw was discovered in Qualcomm\u2019s Mobile Station Modem (MSM), a system of chips that run on nearly one third of the world\u2019s smartphones, mostly higher-end devices. Now, a fix for the vulnerability is headed to Android devices.<\/span><\/p>\n

The bug was discovered by researchers at <\/span>Check Point Research<\/span><\/a>. The MSM helps run things like SMS, voice, and high-definition recording and is primarily found on higher-end devices from LG, Samsung, Xiaomi, Google, and OnePlus. Phone manufacturers can add on to the functionality of these chips to handle tasks like SIM unlock requests.<\/span><\/p>\n

The root of the problem is that the buffer overflow can be exploited by malicious app<\/a> installations which can then plant malicious and nearly undetectable code into the device\u2019s MSM that can potentially affect some of the device\u2019s most vital functions.<\/span><\/p>\n

\u201cThis means an attacker could have used this vulnerability to inject malicious code into the modem from Android, giving them access to the device user\u2019s call history and SMS, as well as the ability to listen to the device user\u2019s conversations,\u201d stated the researchers. \u201cA hacker can also exploit the vulnerability to unlock the device\u2019s SIM, thereby overcoming the limitations imposed by service providers on it.\u201d<\/span><\/p>\n

\"Developer
Joyseulay\/Shutterstock.com<\/a><\/span><\/figcaption><\/figure>\n

A spokesperson from Check Point Research, Ekram Ahmed, told <\/span>Ars Technica<\/span><\/i> that Qualcomm has released a patch and disclosed the bug to all affected customers. \u201cFrom our experience, the implementation of these fixes takes time, so some of the phones may still be prone to the threat. Accordingly, we decided not to share all the technical details, as it would give hackers a roadmap on how to orchestra an exploitation.\u201d<\/span><\/p>\n

Likewise, Qualcomm released a statement saying \u201cProviding technologies that support robust security and privacy is a priority for Qualcomm. We commend the security researchers from Check Point for using industry-standard coordinated disclosure practices. Qualcomm Technologies has already made fixes available to OEMs in December 2020, and we encourage end users to update their devices as patches become available.\u201d\u00a0<\/span><\/p>\n

The chip flaw, tracked as CVE-2020-11292 was discovered using a process called fuzzing. The process exposes the chip system to unusual inputs which then help detect bugs in the firmware. While the implications of the vulnerability are frightening, they\u2019ve also given security researchers more information and will make future security measures and detection easier.<\/span><\/p>\n

via <\/span>Ars Technica<\/span><\/a><\/small>\n<\/div>\n