Android security flaw: Samsung deployed updates since January for vulnerability that may allow attackers access calls, messages
It was recently reported that a vulnerability in Qualcomm SoCs could allow attackers to gain access to sensitive data, such as phone calls and messages. Samsung has since assured Galaxy device owners that it has been on top of the situation and necessary updates have been deployed since January.
Samsung says fix for a critical flaw was available since January
Samsung immediately issued a statement to let Galaxy device owners know they have nothing to worry about following the publication of a security flaw identified as CVE-2020-11292. The South Korean tech giant confirmed that certain Android devices it released were affected by the published vulnerability.
Affected Samsung phones were not specified. But the company maintained they have been patched through other updates released since January. In the same statement, the company noted that Samsung devices where “Android Security Patch Level of May 1, 2021 or later” is installed are deemed protected from the security issue.
Qualcomm addresses ‘high-rated vulnerability’
CheckPoint detailed its findings in a blog post last week about the security flaw they found in the Qualcomm MSM Interface (QMI), which is said to be present in 30 percent of Android devices worldwide. “We discovered a vulnerability in a modem data service that can be used to control the modem and dynamically patch it from the application processor,” the security researchers explained.
When exploited, it could let attackers inject malicious codes into the software component in the modem from Android. This could then allow hackers to access a user’s call and message history, unlock a SIM, and listen to their phone conversations remotely.
Check Point also revealed that they first reported the issue to Qualcomm last Oct. 8. The chipmaker confirmed the issue a week later and flagged it as a “high rated vulnerability.” Qualcomm said in a statement to Android Police that it has also deployed fixes and made them available to Android OEMs last December.
It is then highly advised that Android phone users immediately download and install security updates once they are available. A notification or a prompt is usually displayed whenever a patch is available, but it also a good practice to regularly check from the Settings app for available software updates, especially if a device is not always connected to the internet.