SamMobile has affiliate and sponsored partnerships. If you buy something through one of these links, we may earn a commission. Learn more.

Security flaw in Qualcomm modems affects millions of 5G Samsung devices

Phone
By 

Last updated: May 12th, 2021 at 15:54 UTC+02:00

A serious security flaw affecting Qualcomm’s mobile station modems (MSM) was recently disclosed by security research team Check Point, who claims that the vulnerability could be exploited to inject malicious code into the phone by using the Android operating system itself as an entry point. The affected chip(s) are reportedly responsible for connecting nearly 40% of all smartphones in the world, including high-end phones from Samsung and other OEMs.

The research team found that if a researcher wants to explore the latest 5G code in devices powered by Qualcomm’s modems by implementing a debugger, the easiest way to do that is to exploit MSM data services through QMI’ (Qualcomm MSM Interface). The investigation revealed a vulnerability in modem data service that can be used to control the modem and dynamically patch it from the application processor.’

Numerous Samsung Galaxy devices remain vulnerable to this threat

The good news is that although the security flaw was publicly disclosed earlier today, it has already been addressed and patched by Qualcomm in December 2020. The issue was kept under wraps for obvious security reasons.

The not-so-good news is that numerous smartphones developed by Samsung (as well as other OEMs) are still vulnerable as of this writing. As always, if a part manufacturer such as Qualcomm releases a patch for its hardware, it’s up to smartphone OEMs to distribute the update as they see fit. And because we live in the world of Android OS where fragmentation is par for the course, some devices will be updated sooner than others, with availability differing by region.

Now, because Check Point has decided to make this issue public, this indicates that smartphone OEMs — including Samsung — should now be in the process of updating their devices to address the security flaw, however, it may take some time.

The May 2021 security patch is now rolling out for numerous Galaxy devices, but it might not contain the necessary fixes for this issue. The security patch does include a fix for devices powered by both Exynos and Qualcomm chipsets — one that was reported in December — but it doesn’t seem to match Check Point’s description. Qualcomm has classified the vulnerability as ‘CVE-2020-11292,’ and this classification was not mentioned in Samsung’s latest security bulletin.

Update: Samsung has since updated the May 2021 security bulletin and confirmed that the security flaw classified as “CVE-2020-11292” has been gradually patched since January.

Original story continues:

At the end of the day, what this means is that Samsung is, or should soon be in the process of releasing a new security patch that fixes Qualcomm’s security flaw. However, we’re not sure how many models are affected or if the May 2021 security patch addresses it in any capacity.

Either way, mobile device users should make sure that they’re always running the latest security updates. SamMobile readers can refer to our new online tool to check if their phone runs the latest security patch available in their region.

Via FirmwareGeneralPhoneTablet 5GQualcomm
Load 2 comments

You might also like

Dish launches 5G service in over 120 cities in the US, powered by Sams …

Dish has finally launched its 5G cellular network in the US. The wireless service is now available in over 120 …

  • By Asif Iqbal Shaik
  • 1 week ago

Galaxy S22 tops 3Gbps download speeds on T-Mobile’s mid-band 5G …

After becoming the first smartphone to offer VoNR calls in the US, the Galaxy S22 has recorded another achieve …

  • By Asif Iqbal Shaik
  • 1 week ago

SamMobile Podcast Episode 10: Let’s talk Samsung and ARM, OLED l …

Some interesting reports and official news in the world of Samsung began emerging over the past week. And sinc …

  • By Mihai Matei
  • 2 weeks ago

Snapdragon 8 Gen 2 rumored specs reveal unusual CPU core layout

It hasn’t been that long since Qualcomm announced the Snapdragon 8+ Gen 1 chipset, which is supposed to …

  • By Mihai Matei
  • 2 weeks ago

Galaxy S21 gets support for Vo5G calls on T-Mobile’s network in …

Last week, the Galaxy S22 became the first phone in the world to receive support for Vo5G (Voice Over 5G) cal …

  • By Asif Iqbal Shaik
  • 2 weeks ago

Samsung Galaxy S22 becomes the first phone to offer voice over 5G (Vo5 …

The Galaxy S22, S22+, and S22 Ultra have become the world’s first smartphones to enable voice over 5G (V …

  • By Mihai Matei
  • 3 weeks ago