Skip to content

A new vulnerability in 40% of smartphones may allow hackers to listen to phone calls

A new vulnerability in 40% of smartphones may allow hackers to listen to phone calls

A vulnerability found in nearly 40% of all smartphones could allow hackers to access users’ call and text history and even listen to phone conversations.

Security firm Check Point Research (CPR) found the security flaw classified as CVE-2020-11292 in Qualcomm’s mobile station modems (MSM), the chip used for cellular communication in many mobile phones, including those manufactured by Google, Samsung, LG, Xiaomi, and OnePlus. 

Designed to support advanced features in high-end phones

CPR said that many mobile phone makers now rely on third parties such as Qualcomm to produce hardware and software for their phones amid demand for these devices. More than 3 billion people worldwide now use mobile phones, and the number is expected to rise in the coming years.

Qualcomm designed MSM for high-end phones to support advanced features such as 4G LTE and high definition recording. 

“MSM has always been and will continue to be a popular target for security research and for cybercriminals. After all, hackers are always looking for ways to attack mobile devices remotely, such as by sending an SMS or a crafted radio packet that communicates with the device and has the ability to take control of it,” CPR wrote in a blog post.

Securing mobile devices

A Qualcomm representative told Tom’s Guide that CPR’s attack scenario would require breaking into Android security first, which means that a successful exploit would already give the attacker access to the mobile phone user’s text and call information. 

The representative said that Qualcomm will publicly include a fix for the vulnerability in the June Android security bulletin next month.

“Qualcomm Technologies has already made fixes available to OEMs in December 2020, and we encourage end-users to update their devices as patches become available,” the Qualcomm representative said. 

CPR said that mobile phone users should observe security best practices to safeguard their devices from attackers.

It said that phones should always be updated to the latest version. It also advised users only to install apps from the official app stores, install a security solution on their devices, and enable “remote wipe” capability on their device to minimize the possibility of losing sensitive data.

Best Crypto Exchange for Intermediate Traders and Investors

  • Invest in cryptocurrencies and 3,000+ other assets including stocks and precious metals.

  • 0% commission on stocks - buy in bulk or just a fraction from as little as $10. Other fees apply. For more information, visit etoro.com/trading/fees.

  • Copy top-performing traders in real time, automatically.

  • eToro USA is registered with FINRA for securities trading.

30+ million Users
Securities trading offered by eToro USA Securities, Inc. (“the BD”), member of FINRA and SIPC. Cryptocurrency offered by eToro USA LLC (“the MSB”) (NMLS: 1769299) and is not FDIC or SIPC insured. Investing involves risk, and content is provided for educational purposes only, does not imply a recommendation, and is not a guarantee of future performance. Finbold.com is not an affiliate and may be compensated if you access certain products or services offered by the MSB and/or the BD

Read Next:

Finance Digest

By subscribing you agree with Finbold T&C’s & Privacy Policy

Related posts

Sign Up

or

By submitting my information, I agree to the Privacy Policy and Terms of Service.

Already have an account?

Services

IMPORTANT NOTICE

Finbold is a news and information website. This Site may contain sponsored content, advertisements, and third-party materials, for which Finbold expressly disclaims any liability.

RISK WARNING: Cryptocurrencies are high-risk investments and you should not expect to be protected if something goes wrong. Don’t invest unless you’re prepared to lose all the money you invest. (Click here to learn more about cryptocurrency risks.)

By accessing this Site, you acknowledge that you understand these risks and that Finbold bears no responsibility for any losses, damages, or consequences resulting from your use of the Site or reliance on its content. Click here to learn more.