Qualcomm’s Mobile Station Modems (MSM) had a vulnerability that might have allowed attackers to entry a consumer’s SMS, audio of telephone conversations, and extra. The vulnerability was found by analysis agency Check Point Research and it discovered over 400 vulnerabilities on Qualcomm’s Snapdragon Digital Signal Processor (DSP) chip in August final yr. With an enormous variety of Android telephones utilizing Qualcomm SoCs, this might have put a thoughts boggling variety of customers’ knowledge in danger. Qualcomm has reportedly launched a patch, and Check Point Research additionally labored with related authorities officers in addition to cellular distributors to make smartphones safer.
MSM, Check Point Research explains in a blog post, is a sequence of chips embedded in cellular gadgets and helps superior options like 5G, 4G LTE, in addition to excessive definition recording. It has been current in high-end telephones since early 1990s. Android telephones have a proprietary protocol referred to as Qualcomm MSM Interface (QMI) that permits software program elements within the MSM to speak with the cameras, fingerprint scanners, and different subsystems. Check Point Research discovered a vulnerability that might permit attackers to regulate the modem and inject malicious code into the modem from Android gadgets.
This would give attackers entry to the consumer’s name historical past and SMS data, in addition to the flexibility to eavesdrop on the consumer’s conversations. It can be used to unlock the SIM and bypass the restrictions set by service suppliers. Check Point Research says that based on Counterpoint, QMI is current on round 30 % of all cellphones on the earth. The vulnerability has been detailed in Check Point’s blog.
The vulnerability was discolored to Qualcomm by Check Point Research and was categorized as a high-rated vulnerability — CVE-2020-11292. Relevant cellular distributors had been knowledgeable as properly. According to a report by Arstechnica, a Check Point spokesman stated that Qualcomm has launched a patch for the vulnerability. However, it’s unclear whether or not susceptible Android gadgets have been mounted. Qualcomm reportedly stated in a press release that fixes had been made accessible to OEMs in December 2020 and shoppers are advisable to replace their gadgets as patches grow to be accessible.
Check Point additionally recommends customers replace their gadgets to the most recent model of the OS, chorus from putting in apps from third occasion shops, and allow ‘distant wipe’ functionality on all cellular gadgets.
