Check Point Research recently announced it had found a security hole in Qualcomm’s MSM modem chip software that some malicious apps could exploit. Researchers said the vulnerability is present in approximately 40% of smartphones, including those from Samsung, Google, and LG.

“The current approach to addressing such security issues is disjointed at best,” Setu Kulkarni, vice president at cybersecurity firm WhiteHat Security, said in an email interview.

Manufacturers, he added, “need to step up and educate the end-users about the impact these security issues have on [them] in layperson terms.”

Phones Face More Vulnerabilities

The Qualcomm vulnerability reportedly allows hackers to target Android users remotely, inserting malicious code in a phone’s modem and gaining the ability to launch programs.

A Qualcomm spokesperson responded to the report with the following statement to Lifewire: “Providing technologies that support robust security and privacy is a priority for Qualcomm. Qualcomm Technologies has already made fixes available to OEMs in December 2020, and we encourage end-users to update their devices as patches become available.”

In an email interview, Stephen Banda, a senior manager at cybersecurity firm Lookout, said that the Qualcomm issue highlights how smartphones are vulnerable to a growing range of security problems.

“Seeing that this is a widespread issue across a broad swath of Android devices, it’s extremely important for organizations to close the vulnerability window,” Banda added. “Upgrading as soon as the security patch and OS upgrade are available is essential to reduce the risk of a cybercriminal exploiting this vulnerability.”

The Qualcomm bug is just the latest in a recent string of mobile phone vulnerabilities that have come to light. Last month, it was reported that low-cost carrier Q Link Wireless had been making sensitive account data available to anyone who knows a valid phone number on the carrier’s network.

The carrier offers an app customers can use to monitor text and minutes histories, data and minute usage, or to buy additional minutes or data. But the app also lets you access the information if you have the correct phone number, even without a password.

Be Wary of Downloads

To protect yourself against hackers, only download trusted and well-known apps, especially on Android, advised Bryan Hornung, CEO of Xact IT Solutions, in an email interview.

“Google does not vet the applications in its app store like Apple does,” he added. “So all Android users must be vigilant when downloading apps from the store.”

Users also should be wary of apps that ask for more permissions or access to the device than what is reasonable, Hornung said. For instance, some apps may ask for permissions to the camera or contacts.

“If the app doesn’t have anything to do with your camera or your contacts, don’t allow the permission,” he added. “Malicious apps usually ask for root-level permissions, meaning it has complete control over your device.”

But Kulkarni says there’s only so much users can do about an obscure issue like the Qualcomm vulnerability. Some security issues should be treated like a car recall with public service announcements, and in some cases, a mobile security issue may warrant a cable news headline.

“Unless, and until, the end user receives a public service announcement like ‘Your text messages, call history, and conversations are at risk’ in their regional language, there will be little or no bias towards action on the part of the average end user,” he added.

Over 48% of users are still running a version of the Android OS earlier than version 10, Kulkarni claimed. He added that the worst off (from a security standpoint) are users who have a device that no longer supports the latest OS update.

“Their only choice is to upgrade the device,” Kulkarni said. “In this case, there is direct impact in terms of household budget when it comes to upgrading the phone for any individual and their family.”