On millions of Android phones, a modem weakness might enable hackers to listen in on your calls.

 

ON THIS PAGE: On millions of Android phones, a modem weakness might enable hackers to listen in on your calls.

An approximate 40% of Android phones are affected by the Qualcomm problem.[ps2id id='An approximate 40% of Android phones are affected by the Qualcomm problem.' target=''/]

At various levels of pressure, Google and other Android manufacturers aim to stay on top of hardware and app protection. Check Point Research today revealed a flaw in commonly used Qualcomm SoCs, which was especially concerning. It might potentially enable a malicious app to patch Qualcomm's MSM modem chips' firmware, allowing it access to call and text history and even recording conversations.

Nexus 6P has a hardware fuse that blows irreversibly when bootloader

The problem is broken down in a highly technical manner by Check Point. To put it another way, bugs were discovered in the connections between the modem's Qualcomm Modem Interface (QMI) software layer and the debugger service, enabling it to dynamically repair the software and circumvent the normal protection measures. Standard third-party applications may not have protection rights to reach QMI, however this assault might be used if further important features of Android were violated.

The researchers discovered that a malicious app might listen in on and monitor an ongoing phone call, obtain call and SMS data, and even activate a SIM card using the vulnerabilities they discovered. Check Point reports that the insecure QMI malware is present in roughly 40% of smartphones, including those from Samsung, Google, LG, OnePlus, Xiaomi, and other manufacturers.

Although the attack's tactics were outlined in general terms, detailed detail needed to replicate the attack was left out of the study to avoid easy duplication. There is currently no evidence that this mode of assault is being used "in the wild."

https://www.youtube.com/watch?v=T1GixFumMms
Android Phones Hacker Listen Call

Since CPR informed Qualcomm of the problem in October of last year, Qualcomm has acknowledged it as a high-rated weakness and has passed it on to Android manufacturers that use Qualcomm modems. The flaw has not been patched as of this writing, although both Qualcomm and Google are likely working on adding a workaround into a potential security patch.

Contents from some of my favorite Websites

 

Google and other Android manufacturers make different degrees of effort to maintain hardware and software security. However, a vulnerability in widely used Qualcomm SoCs revealed today by Check Point Research was especially concerning. It may potentially enable a malicious program to patch the software for Qualcomm's MSM modem chips, allowing it access to call and text history or even recording conversations.

Check Point's analysis of the problem is highly technical. To put it another way, flaws were discovered in the links between the modem's Qualcomm Modem Interface (QMI) software layer and the debugger service, enabling it to dynamically patch the program and circumvent the normal security measures. Although standard third-party applications do not have security credentials to access QMI, this exploit might be utilized if more important parts of Android were hacked.

The researchers concluded that a malicious software could listen in on and record a live phone conversation, get call and SMS data, and even unlock a SIM card using the vulnerabilities they discovered. Check Point believes that the susceptible QMI software is included in roughly 40% of smartphones from manufacturers like as Samsung, Google, LG, OnePlus, Xiaomi, and others.

While the techniques for this assault were outlined in broad strokes, particular details were left out of the paper to prevent anybody from simply replicating the procedure. As of yet, there is no evidence that this type of assault is being utilized "in the wild."

Qualcomm has been aware of this problem since CPR informed it of it in October of last year, and it has verified it as a high-rated vulnerability, passing it on to Android makers that utilize Qualcomm modems. At the time of writing, the vulnerability has not been patched, although both Qualcomm and Google are likely working on integrating a remedy into a future security patch.

Qualcomm's official statement[ps2id id='Qualcomm's official statement' target=''/]

"After we published this article, a Qualcomm representative contacted us with the following statement:

Qualcomm is focused on developing solutions that promote strong protection and privacy. We applaud Check Point's protection researchers for adhering to industry-standard coordinated transparency procedures. In December 2020, Qualcomm Technologies made updates accessible to OEMs, and we urge end users to upgrade their devices when patches become available."

The representative went on to state that "many" Android OEMs had already pushed out the required security patches to end users, and that there is no indication that Check Point's weakness is being exploited. In June, the flaw will be published in the public Android bulletin.

Android LNICST 130 - Mobile Computing, Applications, and Services
https://www.techguruhub.net/2021/05/07/android-phones-hackers-listen-call/?feed_id=91029&_unique_id=62aace5745096

Comments

Post a Comment

Popular posts from this blog

Need an Hosting for Wordpress? The Best WordPress Hosting Sites Providers in 2022

Image
Need to a dedicated hosting for wordpress? If you need to create a website fast, WordPress is one of the most popular and adaptable content management systems. These best hosting providers provide you with the resources you need to build a strong site using the popular CMS plus compare the pricing, features, performance, and support of WordPress hosting providers to determine which is best for you or your company. We know this, an hosting for wordpress are precious for our business. Most individuals who have used a content management system will claim they've used WordPress. For the greater part of two decades, open-source software has powered a wide range of websites, from major media brands like Rolling Stone to one-person blogging operations. The accurancy of choose a perfect wordpress website hosting it's a Pro move. Customers like WordPress because it allows them to create a professional bespoke website utilizing a choice of themes, plug-ins, a...
Read more

Need an Hosting for Wordpress? The Best WordPress Hosting Sites Providers in 2022

Image
Need to a dedicated hosting for wordpress? If you need to create a website fast, WordPress is one of the most popular and adaptable content management systems. These best hosting providers provide you with the resources you need to build a strong site using the popular CMS plus compare the pricing, features, performance, and support of WordPress hosting providers to determine which is best for you or your company. We know this, an hosting for wordpress are precious for our business. Most individuals who have used a content management system will claim they've used WordPress. For the greater part of two decades, open-source software has powered a wide range of websites, from major media brands like Rolling Stone to one-person blogging operations. The accurancy of choose a perfect wordpress website hosting it's a Pro move. Customers like WordPress because it allows them to create a professional bespoke website utilizing a choice of themes, plug-ins, a...
Read more

Getting Started with Open Shortest Path First (OSPF)

Image
OSPF is amazing and funzional in enterprise networks. The OSPF interior routing protocol is very common. OSPF performs an excellent job of estimating cost values in order to choose the shortest path to its destinations first. The three types of Open Shortest Path First activities are as follows: Neighbor and adjacency initialization LSA flooding SPF tree calculation We'll go through the fundamentals of Open Shortest Path First, as well as its functionality and setup, in this report.   ON THIS PAGE: Getting Started with Open Shortest Path First (OSPF) Initialization of neighbours and adjacencies Flooding and State Advertisements The fundamentals of Open Shortest Path First configuration   Initialization of neighbours and adjacencies[ps2id id='Initialization of neighbours and adjacencies' target=''/] This is the very first step in the Open Shortest Path First method. This role, as well as the ma...
Read more