Check Point Research announced that it had found a security hole in Qualcomm’s MSM modem chip software that some malicious apps could exploit. Researchers said the vulnerability is present in about 40% of smartphones running Android, including those from Samsung, Google, and LG. A Qualcomm spokesperson responded to the report with the following statement to Lifewire: “Providing technologies that support robust security and privacy is a priority for Qualcomm. We commend the security researchers from Check Point for using industry-standard coordinated disclosure practices. Qualcomm Technologies has already made fixes available to OEMs in December 2020, and we encourage end-users to update their devices as patches become available.” The issue highlights that mobile devices are vulnerable to security problems, Stephen Banda, a senior manager at cybersecurity firm Lookout, said in an email interview. “Seeing that this is a widespread issue across a broad swath of Android devices, it’s extremely important for organizations to close the vulnerability window,” Banda added. “Upgrading as soon as the security patch and OS upgrade are available is essential to reduce the risk of a cybercriminal exploiting this vulnerability.” The Qualcomm bug is just the latest in a recent string of mobile phone vulnerabilities. Last month, it was reported that low-cost carrier Q Link Wireless had been making sensitive account data available to anyone who knows a valid phone number on the carrier’s network. The carrier offers an app that customers can use to monitor text and minutes histories, data and minute usage, or to buy additional minutes or data. But the app also lets you access the information if you have the right phone number, even without a password.
