A serious flaw was found on the Qualcomm chip. A malicious application could manipulate Qualcomm’s MSM modem software and obtain call and SMS history in theory.
The attack can also be used to record calls, according to Check Point Research. To put it simply, the vulnerability lies in the connection between the software for the Qualcomm modem interface and debugging service. Therefore, the security measures can be circumvented.
Check Point Research estimates that about 40% of Android devices are vulnerable, and these devices come from Samsung, Google, Xiaomi, and other manufacturers. According to a statement from Qualcomm, they provided a safety measure to manufacturers in December last year.
Qualcomm says that “many” manufacturers had closed their doors and urges users to install any security updates. Chipmakers also believe that there is no concrete evidence that the vulnerability was exploited by attackers.