Qualcomm-vulnerabilities-1

 

Qualcomm is working on the bugs:

 

Even companies like Qualcomm, which are very serious about the security of their products for mobile devices, sometimes miscalculate. It is believed that the protocols for checking the security of chips should take into account the real risks. And if you check for all possible potential vulnerabilities and errors, it turns out to be very long and expensive.

 

Qualcomm-mobile-errors-2

 

Therefore, the developers can not completely exclude errors. Thus, due to the sharp increase in the post-pandemic activity of various cybercriminals, errors are detected more often than usual. No one says that there are none at all. It is only a matter of risk – that is, how much it is potentially possible to take advantage of a particular vulnerability.

 

More detailed:

 

Always, when assessing the risk of a particular vulnerability, there is a question of labor costs for its operation. That is, if the costs of possible exploitation of the vulnerability are too high, then the company ignores such errors.

 

Unfortunately, it seems that the protocols for assessing these risks have ceased to take into account the increased financial and professional capabilities of hackers. And they, of course, did not fail to take advantage of this.

 

Subject-specific:

 

Now we know the vulnerabilities that affect Qualcomm modems, up to the most recent versions with support for the 5G communication standard. Interestingly, the Qualcomm MSM modem (mobile station modem) uses SoC. This allows you to use known vulnerabilities very effectively.

 

For example, it allows access to SMS messages, call logs, and even listening to connections. In addition, when you unlock the identification module, that is, the SIM, more fantastic features and scenarios are possible. The name of the vulnerability is CVE-2020-11292.

 

Implementation potential:

 

The easiest way, according to analysts, is to use such vulnerabilities under the guise of various malicious applications.And this activity is masked by the work of the modem.

 

 

Thus, when running such an application, the entry point is Android. And the system does not see such activity.

 

The prospects:

 

The researchers provided Qualcomm with vulnerability data. After verification, all risks were confirmed by experts The technical details  report is provided for review.

 

Recommendations:

 

Of course, for the best protection, all users need up-to-date Android updates. For example, companies that produce mobile devices are at risk for a total of up to 40% of the gadgets they produce.

 

Qualcomm-security-3

 

Additionally:

 

Last year, Qualcomm redesigned the code in DSP chips (digital signal processors). Then the vulnerability concerned the ability to control the device. Other security issues related to WiFi and encryption (in the Snapdragon SoC WLAN firmware) have also been fixed.

Leave a Reply

Your email address will not be published. Required fields are marked *

GPD Host Contacts
GPD Host Social
Pay with Confidence

Copyright © 2015 - 2020 GPD Host All right reserved.