Israeli cybersecurity firm CheckPoint has discovered a security flaw in Qualcomm chips that could allow a malicious party to access your phone calls and text messages. The bug was discovered in Qualcomm’s Mobile Station Modems (MSM), a series of systems on chips used in mobile devices that enable cellular connectivity (and a host of other functions such as HD recording) on over 40% of phones worldwide. In this case, phones that use a proprietary protocol called QMI (Qualcomm MSM Interface) that enables communication between MSM software components and other subsystems on a phone have been vulnerable.
Checkpoint determines that the vulnerability in the Qualcomm chip could allow a hacker to insert malicious code into the modem in a number of ways, including: B. via an app to access the call history and SMS of the users. It could even be exploited to hear your conversations. Checkpoint experts estimate that QMI can be found on over 30% of all phones in the world, which means that billions of devices have been exposed to a possible attack. Furthermore The bug could also have been exploited to unlock the SIM card used on a phone.
[CPR-Zero] CVE-2020-11292 (Qualcomm Data Modem): Buffer overflow in the QMI voice service API provided by the HLOShttps: //t.co/Bkfw0iDHte modem
– Check Point Research (@_CPResearch_) May 6, 2021
“We have discovered a vulnerability in a modem data service that allows the modem to be controlled and dynamically patched by the application processor. An attacker could use this vulnerability to inject malicious code from Android into the modem. This gives the attacker access to the user’s call history and SMS, as well as the ability to listen to the user’s conversations, ”the blog post said.
In a research note, CheckPoint reveals that it notified Qualcomm of the MSM vulnerability in October last year. Qualcomm then notified smartphone vendors of the problem and patches to fix the bug were rolled out over the next several months. However, it is unclear what percentage of the phones have received the necessary software updates to fix the vulnerability to date. The cybersecurity firm announced that Qualcomm MSM is included in phones from OnePlus, Google, LG, and Samsung. Classified as CVE-2020-11292, the vulnerability will also be published in Google’s official June Android security bulletin.
I’ve been writing about consumer technology for over three years, having worked with names like NDTV and Beebom in the past. Leaving the latest news aside, I’ve checked out my fair share of devices that range from smartphones and laptops to smart home devices. I’ve also interviewed tech managers and appeared as a moderator on YouTube videos talking about the latest and greatest gadgets.