Samsung has now confirmed that millions of Galaxy smartphones are affected by the critical Qualcomm vulnerability Check Point disclosed last week. “Samsung Android devices with Qualcomm chipset are affected by the vulnerability,” the tech giant warns, “the vulnerability may allow a malicious app to gain access to user information.”
But the warning comes with a twist: not all Samsung devices have been updated, and for many there may not even be a fix available to install yet. “While a number of devices have already been patched starting in January of 2021,” it is only once the May 1 security update has been installed that “most” of its devices can be considered secure.
This is the second time that Check Point has discovered a flaw in the Qualcomm hardware on Samsung and other leading smartphones. This particular issue is with the 5G chipset, and would allow malware infecting the Android OS to hide itself on the chip, preventing detection and protection.
According to Check Point, this would enable “an attacker using Android OS itself as an entry point to inject malicious and invisible code into phones, granting an attacker access to call history, SMS messages and audio of phone conversations.”
Because this chip communicates with the network carrier and the device OS, the vulnerability also allows an attacker to unlock the SIM and override network settings.
As ever with Android, the fact that Samsung has now confirmed an update doesn’t provide all affected users with a solution. Some devices in some locations may have the update now, others need to wait and keep checking. The fragmented ecosystem means that the timing of updates for specific regions, devices and even carriers varies. But “all users [should] ensure their devices are updated once the patch becomes available.”
Check Point warned as much last week, telling me “there is a long supply chain here: Qualcomm to phone vendors to consumers. That makes it really hard to fix such issues once found. It took us a really long iteration with Qualcomm in order to address this issue. We’re talking about a minimum of one year until fixes arrive with consumers.”
Qualcomm confirmed to me that it issued a fix more than five months ago: “Qualcomm Technologies has already made fixes available to OEMs in December 2020, and we encourage end users to update their devices as patches become available.”
This is a real issue for Android users and a source of contention for those spending $1000 and more on a flagship device, only to be caught up in the vagaries of an inefficient update process that can see a vulnerability remain open to exploitation for significantly longer than should be the case.
No devices are immune from such problems. Apple prides itself on the security of its devices, but we have seen multiple “emergency” warnings this year for iPhone users to update devices as vulnerabilities have been disclosed and fixed. But that’s a simple process, whereby the fix is universally available quickly. Android needs to catch up.
May 12, 2021 at 04:30PM
https://ift.tt/3hlJtpE
Urgent New Update Confirmed For Millions Of Samsung Galaxy Users - Forbes