Security firm Check Point Research (CPR) found the security flaw classified as CVE-2020-11292 in Qualcomm’s mobile station modems (MSM), the chip used for cellular communication in many mobile phones, including those manufactured by Google, Samsung, LG, Xiaomi, and OnePlus.
Designed to support advanced features in high-end phones
CPR said that many mobile phone makers now rely on third parties such as Qualcomm to produce hardware and software for their phones amid demand for these devices. More than 3 billion people worldwide now use mobile phones, and the number is expected to rise in the coming years. Qualcomm designed MSM for high-end phones to support advanced features such as 4G LTE and high definition recording.
Securing mobile devices
A Qualcomm representative told Tom’s Guide that CPR’s attack scenario would require breaking into Android security first, which means that a successful exploit would already give the attacker access to the mobile phone user’s text and call information. The representative said that Qualcomm will publicly include a fix for the vulnerability in the June Android security bulletin next month. CPR said that mobile phone users should observe security best practices to safeguard their devices from attackers. It said that phones should always be updated to the latest version. It also advised users only to install apps from the official app stores, install a security solution on their devices, and enable “remote wipe” capability on their device to minimize the possibility of losing sensitive data.
