Vulnerability found security company Check Point Research
) may allow a maliciously crafted application to bypass normal security features, allowing it to gain access to your calls and text history. It allows an attacker to record conversations. Qualcomm Modem Interface (QMI) software is normally impossible to use in third-party applications, but if key aspects of Android are hacked, the QMI vulnerability can be used to listen to and record an active call and, as we have already noted, steal call and SMS records.
QMI is used in up to 40 percent of Android mobile phones, including Google, Samsung, OnePlus, LG, Xiaomi and others. Check Point kept certain information out of its report to ensure that the attack could not be easily copied. There are no indications that a malicious hacker has used the attack.
Check Point revealed all of this to Qualcomm last October, calling it a highly regarded vulnerability. The circuit maker told phone manufacturers that use Qualcomm’s modem circuits. So far, the vulnerability has not been fixed, and we can only hope that Qualcomm and Google will fix this in a future security update.
Timeline of the vulnerability submitted by Check Point
However, Qualcomm says it made the fixes available to “many” Android phone vendors last December and that these companies passed security updates to end users. The vulnerability is part of the June Android release.
Qualcomm today issued a statement that “Providing robust security and privacy technologies is a priority for Qualcomm. We thank Check Point’s security researchers for using coordinated disclosure practices in line with industry standards. Qualcomm Technologies has already delivered fixes to OEMs as of December 2020; patches will be available. “