Companies have data leaks all the time, exposing some personal and even critical information. We just can’t seem to get away from data leaks and breaches. Another Facebook data breach? Tap or click here to check for your number.
But when you make a phone call, you assume that only you and the other person can hear what is being said. Unless you are a super-secret spy, there shouldn’t be any reason for your calls to be eavesdropped on.
That might not be the case if you have a specific mobile phone. A recently discovered flaw could be exploited by hackers and let them listen in on conversations. To make matter’s worse, the flaw has been detected in about 40% of mobile phones.
Here’s the backstory
The vulnerability was discovered by Check Point Research and has been designated CVE-2020-11292, which is tied to mobile phones that use Qualcomm’s Mobile Station Modem (MSM) chips. These tiny parts can be found in most modern Android phones. This includes 3G, 4G, and even the latest 5G models.
Who makes use of Qualcomm chips? Well, a large portion of the mobile phone industry relies on the company for its internal components. These include the likes of Samsung, Google, LG, OnePlus and Xiaomi.
MSM chips will always be a popular target for hackers. If they manage to get in, it can give them full access to a phone. And the new vulnerability can do just that. By sending an SMS or a radio signal, the MSM can be exploited and breached.
The flaw’s details are rather technical, but it has to do with the MSM component and how it handles data.
“We discovered a vulnerability in a modem data service that can be used to control the modem and dynamically patch it from the application processor. An attacker can use such a vulnerability to inject malicious code into the modem from Android,” Check Point explained in a blog post.
How serious is it?
To put the technical jargon into perspective, the vulnerability can give an attacker access to your call history and SMS functions. The scary part is that the attacker can listen to your calls as well.
But wait, it gets worse. “A hacker can exploit the vulnerability to unlock the SIM, thereby overcoming the limitations of the service providers imposed on the mobile device,” explains Check Point.
Is there anything to worry about? Well, not anymore. The flaw was quietly patched by Qualcomm in December last year before anybody noticed its severity. Since the issue was on the phone’s chip, there would have been nothing a consumer could have done.
“Qualcomm Technologies has already made fixes available to OEMs in December 2020, and we encourage end-users to update their devices as patches become available,” Qualcomm explained.