Lately, more and more news about vulnerabilities in mobiles are appearing, they already work with iOS or Android. Since users have mainly turned to use their mobiles compared to desktops on a day-to-day basis, the vulnerabilities found in them are highly valued by hackers. So the researchers better find them first, although there is the problem of getting the solutions to the end-users. What is the problem of the new vulnerability that affects 40% of active mobiles that use certain Qualcomm processors?
The company called them mobile station modems (MSM) until recently, which is what gives the company’s processors the serial number, but the vulnerability system still exists in some of the processors from the last few years. The fault found affects mobiles from Google, Samsung, LG, Xiaomi and OnePlus, among many others, such as the Snapdragon 835 (MSM8995). The bug has the code CVE-2020-11292 and refers to a problem that exploits a heap overflow bug in the processor that allows access to SMS, listen to calls and other affected mobiles. Its focus is on the Qualcomm MSM Interface (QMI) that gives access to the device’s baseband processor.
The mobile manufacturers that have used the affected processors already have the solution – in fact since December 2020 – and now everything depends on how fast they are distributing the update. Which is the complexity of the vulnerabilities that affect the Android ecosystem, because most devices will remain vulnerable.