Adverse effects on 30%of smartphones worldwide, vulnerabilities are found in Qualcom's chips

Written By mobilephonebrand

If you are an Android user, you need to be careful.

It was discovered and reported that this Qualcomm's chip vulnerabilities were abused, which could access data on smartphones and could eavesdrop on calls and SMS.

Possibility of affecting 30 % of smartphones around the world

This vulnerabilities are reported by cyber security companies "CHECK POINT Software (CPR)" and may be abused by 30%of smartphones around the world.Qualcolm has contracted with major Android smartphones, such as Samsung, Google, Xiaomi, and LG, and offers hundreds of millions of terminals distributed around the world.According to the CPR, the Mobile Station Modem (MSM) is a unique Qualcomm MSM Interface (QMI), which is approved by a smartphone of about 40%of smartphones worldwide and about 30%of smartphones.Equipped with an interface.

The affected MSM is a SOC (system -on -chip) that provides functions to most important components in smartphones.

全世界30%のスマートフォンに悪影響、クアルコムのチップに脆弱性が見つかる

What is the effect?

The attack method assumed by CPR requires access to the operating system of the target equipment, but it is possible to easily access it quite easily with malicious Trojan -type apps and other malicious techniques.If you can do this.Attackers can access them with malicious code on the modem and leak confidential information.

If you take this attack, the QMI of your smartphone (a protocol that manages the communication between the software components in the MSM) will be hijacked, and you will be able to access text messages and call history, and can also eaves call for calls.According to the research results, there is a possibility that the contents of the SIM card of the terminal can be accessed.

Yaniv Balmas, the head of CPR Cyber Research Division

Mobile phone modem chips are often thought to be treasures for cyber attackers.Qualcom's attack on modem chips can adversely affect hundreds of millions of mobile phones around the world.We ultimately prove that these chips have dangerous vulnerabilities, and clarify that the attacker can use the Android OS to inject malicious codes into smartphones without noticing.Did.The main message I want to convey to Android users is to update the smartphone OS to the latest one.

I have stated.

It is unknown how many correction patches are distributed

Unfortunately, it is not clear whether this patch for this vulnerability has been issued 100%.

The distribution of patches in this industry will be a trickle -down method in which major companies like Quarcom will issue an update, and then the mobile phone manufacturers will apply the correction program on their own.According to the record newspaper, it is not clear whether any mobile phone manufacturer is distributing patches.

The CPR has already reported this vulnerabilities to Qualcom, the company has recognized the problem, and has notified all Android vendors, but it is unknown how much patches have been distributed and applied.

For the time being, Android users will update to the latest OS.