Manufacturers and network operators have been pushing 5G technology hard, even throughout a pandemic that forced some industries to stall for a while. Now it seems, however, that one of the most critical pieces of hardware that enables that technology for users might be putting them at risk as well. Qualcomm’s 5G modem reportedly has a very severe flaw that can be exploited through Android, putting potentially hundreds of thousands of users at risk.
The flaw, according to Check Point Research, can be found in Qualcomm’s Mobile Station Modem, a technology that has been around since 1990. It is responsible for many of the modem-related features from 4G LTE and, subsequently, 5G as well. That means that almost every phone that uses a 5G-capable Qualcomm processor is potentially affected by this vulnerability but there is one other element that makes it worse.
The security researchers point out that the flaw could be easily exploited via the Android operating system, which is pretty much the OS that runs on all phones with Qualcomm chips, including the newer 5G ones. Attackers can simply send a specially crafted SMS to take control of it, giving it access to read messages, see the phone’s call history, or even unlock the device’s SIM.
The good news is that Check Point Research reported this flaw to Qualcomm who was able to develop a fix for it late last year. The researchers didn’t publicly disclose the vulnerability to give Qualcomm time to make the necessary fixes and inform its partners.
The bad news is that we are also talking about Android here, and it’s up to manufacturers to actually deliver that bugfix to their customers. Some OEMs are better than others in that regard but, unfortunately, it affects all Snapdragon 5G phones, no matter how fast or slow in pushing out updates.