Android security flaw: Samsung deployed updates since January for vulnerability that may allow attackers access calls, messages

강승환 기자 | 기사입력 2021/05/12 [10:36]

Android security flaw: Samsung deployed updates since January for vulnerability that may allow attackers access calls, messages

강승환 기자 | 입력 : 2021/05/12 [10:36]

▲ Samsung Galaxy Note 20 Ultra and Google Pixel 4 | Photo credit: Thai Nguyen (@quangthai_itshop) / Unsplash

 

It was recently reported that a vulnerability in Qualcomm SoCs could allow attackers to gain access to sensitive data, such as phone calls and messages. Samsung has since assured Galaxy device owners that it has been on top of the situation and necessary updates have been deployed since January.

 

Samsung says fix for a critical flaw was available since January

 

Samsung immediately issued a statement to let Galaxy device owners know they have nothing to worry about following the publication of a security flaw identified as CVE-2020-11292. The South Korean tech giant confirmed that certain Android devices it released were affected by the published vulnerability.

 

Affected Samsung phones were not specified. But the company maintained they have been patched through other updates released since January. In the same statement, the company noted that Samsung devices where “Android Security Patch Level of May 1, 2021 or later” is installed are deemed protected from the security issue.

 

Qualcomm addresses ‘high-rated vulnerability’

 

CheckPoint detailed its findings in a blog post last week about the security flaw they found in the Qualcomm MSM Interface (QMI), which is said to be present in 30 percent of Android devices worldwide. “We discovered a vulnerability in a modem data service that can be used to control the modem and dynamically patch it from the application processor,” the security researchers explained.

 

When exploited, it could let attackers inject malicious codes into the software component in the modem from Android. This could then allow hackers to access a user’s call and message history, unlock a SIM, and listen to their phone conversations remotely.

 

Check Point also revealed that they first reported the issue to Qualcomm last Oct. 8. The chipmaker confirmed the issue a week later and flagged it as a “high rated vulnerability.” Qualcomm said in a statement to Android Police that it has also deployed fixes and made them available to Android OEMs last December.

 

It is then highly advised that Android phone users immediately download and install security updates once they are available. A notification or a prompt is usually displayed whenever a patch is available, but it also a good practice to regularly check from the Settings app for available software updates, especially if a device is not always connected to the internet.

 

Photo by Thai Nguyen on Unsplash

  • 도배방지 이미지

광고

뉴스레터 구독하기

세상을 바꾸고 있는 블록체인과 IT 관련 이야기를 쉽고 재미있게 만나보세요.

개인정보 수집 및 이용

뉴스레터 발송을 위한 최소한의 개인정보를 수집하고 이용합니다. 수집된 정보는 발송 외 다른 목적으로 이용되지 않으며, 서비스가 종료되거나 구독을 해지할 경우 즉시 파기됩니다.

IT/Global 많이 본 기사
광고
광고