Security flaw in Qualcomm modems affects millions of 5G Samsung devices

Phone
By 

Last updated: May 12th, 2021 at 15:54 UTC+02:00

A serious security flaw affecting Qualcomm’s mobile station modems (MSM) was recently disclosed by security research team Check Point, who claims that the vulnerability could be exploited to inject malicious code into the phone by using the Android operating system itself as an entry point. The affected chip(s) are reportedly responsible for connecting nearly 40% of all smartphones in the world, including high-end phones from Samsung and other OEMs.

The research team found that if a researcher wants to explore the latest 5G code in devices powered by Qualcomm’s modems by implementing a debugger, the easiest way to do that is to exploit MSM data services through QMI’ (Qualcomm MSM Interface). The investigation revealed a vulnerability in modem data service that can be used to control the modem and dynamically patch it from the application processor.’

Numerous Samsung Galaxy devices remain vulnerable to this threat

The good news is that although the security flaw was publicly disclosed earlier today, it has already been addressed and patched by Qualcomm in December 2020. The issue was kept under wraps for obvious security reasons.

The not-so-good news is that numerous smartphones developed by Samsung (as well as other OEMs) are still vulnerable as of this writing. As always, if a part manufacturer such as Qualcomm releases a patch for its hardware, it’s up to smartphone OEMs to distribute the update as they see fit. And because we live in the world of Android OS where fragmentation is par for the course, some devices will be updated sooner than others, with availability differing by region.

Now, because Check Point has decided to make this issue public, this indicates that smartphone OEMs — including Samsung — should now be in the process of updating their devices to address the security flaw, however, it may take some time.

The May 2021 security patch is now rolling out for numerous Galaxy devices, but it might not contain the necessary fixes for this issue. The security patch does include a fix for devices powered by both Exynos and Qualcomm chipsets — one that was reported in December — but it doesn’t seem to match Check Point’s description. Qualcomm has classified the vulnerability as ‘CVE-2020-11292,’ and this classification was not mentioned in Samsung’s latest security bulletin.

Update: Samsung has since updated the May 2021 security bulletin and confirmed that the security flaw classified as “CVE-2020-11292” has been gradually patched since January.

Original story continues:

At the end of the day, what this means is that Samsung is, or should soon be in the process of releasing a new security patch that fixes Qualcomm’s security flaw. However, we’re not sure how many models are affected or if the May 2021 security patch addresses it in any capacity.

Either way, mobile device users should make sure that they’re always running the latest security updates. SamMobile readers can refer to our new online tool to check if their phone runs the latest security patch available in their region.

Via FirmwareGeneralPhoneTablet 5GQualcomm
Load comments

Related News

Samsung breaks new 5G upload speed record in Texas

  • By Mihai M.
  • 7 hours ago

Samsung develops a 5G VoNR solution for smartphone brands, network car …

  • By Asif S.
  • 2 weeks ago

Samsung uses 5G to boost network speeds in Seoul subways by 25 times

  • By Mihai M.
  • 2 weeks ago

Snapdragon Galaxy S22 loses to Exynos model in early benchmark

  • By Mihai M.
  • 4 weeks ago

Indian customers will love the Galaxy S22 if latest rumor is true

  • By Mihai M.
  • 1 month ago

Next-gen Wear OS watches may have already lost to the Galaxy Watch 4

  • By Mihai M.
  • 1 month ago

Galaxy A52s vs Galaxy A52 (5G): For customers who want even more power

  • By Mihai M.
  • 2 months ago

The Galaxy Z Fold 3 and Z Flip 3 have fully embraced the era of 5G

  • By Mihai M.
  • 2 months ago