A malicious app can exploit the issue, which could affect up to 30 percent of Android phones.
A vulnerability in a 5G modem data service could allow mobile hackers to remotely target Android users by injecting malicious code into a phone’s modem – gaining the ability to execute code, access mobile users’ call histories and text messages, and eavesdrop on phone calls.
That’s according to Check Point Research, which said that the bug (CVE-2020-11292) exists in the Qualcomm Mobile Station Modem (MSM) Interface, which is known as QMI for short. MSMs are systems on chips (SoCs) designed by Qualcomm, and QMI is a proprietary protocol used to communicate between software components in the modem and other peripheral subsystems.