Computer security researchers discovered at the end of 2020 a critical flaw that affects some Qualcomm SoCs. The latter now drive more than 40% of smartphones in the world. This flaw, described as critical by Qualcomm, affects modems and allows access to personal data.
The CheckPoint Research team reported this week to have discovered a critical flaw in some Qualcomm SoCs. This flaw, if exploited, would allow a hacker to access a lot of information on the phone. Fortunately, not all components of the Californian foundry are affected. The affected platforms are all part of the MSM (Mobile Station Modem) family.
However, you will find several dozen references. From MSM6000 released in 2006 to MSM8998 , aka Snapdragon 835, a high-end component released in 2018 . Virtually every Qualcomm platform that came out in between is part of it. This represents about 40% of the global fleet of Android smartphones in 2021. If you have an Android smartphone released between 2007 and 2018, then there is a good chance that you are concerned. All the biggest brands, except Apple obviously, are affected.
The flaw concerns more specifically the modem part of the SoC. If it is exploited, it allows several actions. The first is the interception of data passing through the modem and thus access to messages, call history and call content (telephone tapping). The second is the decryption of the information contained in the SIM card , a real safe where important data is stored. The third is the infiltration into the Android system and the injection of malware with whatever action that may entail.
A FLAW DISCOVERED IN OCTOBER 2020 AND CORRECTED TWO MONTHS LATER
Checkpoint Software researchers explain that they discovered this flaw in October 2020 and informed Qualcomm of its existence during this period. A patch was developed to fill the loophole and sent to the smartphone brands concerned as early as December 2020 . It is then up to them to deploy it on their installed base. Smartphones of 2018 (or even 2017) may be lucky enough to receive it. But for others, the chances are relatively small.
Our advice is obviously to check if your smartphone is up to date and that you have installed all the security patches. Also check the Play Store for updates: some Android components are updated directly from the Google app store. Recall that, each month, the Mountain View firm corrects dozens of Android security flaws