Qualcomm’s Mobile Station Modems (MSM) exposed a vulnerability that could allow an attacker to access a user’s SMS messages, audio from phone calls, and more. The vulnerability was discovered by research company Check Point Research, and last August, over 400 vulnerabilities were found on Qualcomm’s Snapdragon Digital Signal Processor (DSP) chip. With a large number of Android phones using Qualcomm SoCs, this would have put an incredible amount of user data at risk. Qualcomm has reportedly released a patch, and Check Point Research has also worked with relevant government officials as well as wireless carriers to help make smartphones safer.
MSM, explains Check Point Research in a blog post, is a series of chips embedded in mobile devices that support advanced features such as 5G, 4G LTE, and high-resolution recording. It’s been present in high-end phones since the early 1990s. Android phones have a proprietary protocol called Qualcomm MSM Interface (QMI) that allows software components in the MSM to communicate with cameras, fingerprint scanners, and other subsystems. Check Point Research has discovered a security issue that could allow attackers to control the modem and insert malicious code into the modem from Android devices.
This would give attackers access to the user’s call history and SMS recordings, as well as the ability to overhear the user’s conversations. It can also be used to unlock the SIM card and bypass the restrictions set by service providers. According to Check Point Research, QMI is present on around 30 percent of all cell phones in the world, according to Counterpoint. The vulnerability was detailed on Check Point’s blog.
The vulnerability has been discolored by Check Point Research for Qualcomm and classified as a Highly Scored Vulnerability – CVE-2020-11292. Relevant cell phone providers were also informed. A Check Point spokesman said Qualcomm had released a patch for the vulnerability, according to a report by Arstechnica. However, it is unclear whether any vulnerable Android devices have been fixed. Qualcomm reportedly said in a statement that fixes were made available to OEMs in December 2020 and consumers are encouraged to update their devices as soon as patches become available.
Check Point also recommends that users update their devices to the latest version of the operating system, not install apps from third-party stores, and enable remote wipe on all mobile devices.
Follow Gadgets 360 for the latest technical news and reviews Twitter, Facebook and Google News. Subscribe to our YouTube channel for the latest videos on gadgets and technology.
Facebook removes Ukraine’s political “influence for hire” network