A vulnerability discovered by security firm Check Point Research
) could allow a malicious app to skip the usual security features giving it access to call and text history. It also gives an attacker the ability to record conversations. The Qualcomm Modem Interface (QMI) software is normally impossible for third-party apps to access, but if key aspects of Android are hacked, the QMI vulnerability can be used to listen in and record an active phone call, and as we already pointed out, steal call and SMS records.
QMI is used on as much as 40% of Android handsets including those made by Google, Samsung, OnePlus, LG, Xiaomi, and more. Check Point kept certain information out of its report to make sure that the attack can not be easily copied. There is no indication that the attack has been used by a malicious hacker.
Check Point revealed all of this to Qualcomm last October calling it a high-rated vulnerability. The chip maker told the phone manufacturers that use Qualcomm’s modem chips. So far, the vulnerability has not been fixed and we can only hope that Qualcomm and Google will patch this in a future security update.
However, Qualcomm says that it did made fixes available to “many” Android phone manufacturers last December and that these firms passed along security updates to end users. The vulnerability will be part of the June Android bulletin.
Qualcomm issued a statement today that said, “Providing technologies that support robust security and privacy is a priority for Qualcomm. We commend the security researchers from Check Point for using industry-standard coordinated disclosure practices. Qualcomm Technologies has already made fixes available to OEMs in December 2020, and we encourage end users to update their devices as patches become available.”