Last week, researchers at Israeli cybersecurity firm Check Point uncovered a vulnerability in smartphones featuring Qualcomm modems. A successful exploit could allow the attacker to read texts, listen to calls and even inject code into the Android OS. However, Samsung has begun offering a security patch to fix this particular issue starting from as far back as January 2021.
All the Samsung Galaxy smartphones will be protected from this vulnerability with the latest May 2021 Android security patch update. Interestingly, there is no mention of this patch in the latest Android Security Bulletin for the month of May 2021. In the first place, this only affects the smartphones launched with a Qualcomm modem.
Samsung releases May security update with modem vulnerability patch
The bug was first reported to Qualcomm by Check Point in October last year. Qualcomm immediately acknowledged the issue and considered it as a high-rated vulnerability. The Qualcomm MSM Interface (QMI), which is key for exploiting this vulnerability, is present on approximately 30 percent of all mobile phones globally.
As of now, there is not even a single report of vulnerability exploitation in the wild. The attacker can unlock the devices locked by the manufacturer for certain carriers using this method. Meanwhile, Qualcomm says most of the devices affected by this vulnerability will receive the CVE-2020-11292 patch with their June 2021 Android security patch update.
Notably, the chipmaker has made the patch available from December 2020. Over the past few months, a few smartphones like Google’s Pixel have received updates including a patch for this issue. Since manufacturers will roll out the Android updates, Qualcomm can’t claim that all smartphones have received a fix for this vulnerability.
The vulnerability in Qualcomm modems affects 30 percent of mobile phones
After all, it is highly recommended to install the latest software update available on your smartphone. Qualcomm is the leading chipset maker for several smartphone brands around the world. Even Apple relies on Qualcomm for the 5G modem in the iPhone 12 series. A majority of Android smartphones will receive up to three years of Android security patch updates.
While most manufacturers release monthly security patch updates, a few of them do it bi-monthly. Nevertheless, the rest of the smartphones affected by this vulnerability should receive the patch in the coming months. All of the smartphones from major brands launched in the last couple of years should be seeing a new security patch update in the coming weeks or months.