Security researchers discovered a high-risk security flaw in the Qualcomm mobile chip that controls cellular communication in nearly 40% of high-end phones from Google, Samsung, LG, Xiaomi, and OnePlus.
According to Check Point Research, if the Qualcomm Mobile Station Modem (MSM) weakness had been exploited, an hacker might have used Android OS as an entry point to insert malicious and invisible code into phones, giving them access to SMS messages and audio of phone conversations.
According to the cyber security firm, the security flaw may have enabled an hacker to access a mobile device’s SIM card.
According to the researchers, Qualcomm has verified the bug and fixed the issue, and mobile players have been informed.
The high-rated vulnerability was listed as CVE-2020-11292, and the relevant device vendors were notified.
Qualcomm makes a wide range of chips that are used in devices that account for more than 40% of the mobile phone market.
Qualcomm’s Mobile Station Modem, according to Counterpoint Research, is a chip system that enables features such as voice, SMS, and high-definition recording on higher-end devices.
According to figures from Counterpoint Research, “Phone-makers can customise the chips so they do additional things like handle SIM unlock requests. The chips run in 31 per cent of the world’s smartphones”
The Check Point team discovered that the best way for a security researcher to introduce a modem debugger to explore the new 5G code is to hack MSM data services via QMI. Of course, a hacker might do the same.
The researchers noted in a blog post on Thursday, “This means an attacker could have used this vulnerability to inject malicious code into the modem from Android, giving them access to the device user’s call history and SMS, as well as the ability to listen to the device user’s conversations,”
A attacker may also use the flaw to unlock the device’s SIM card, allowing them to bypass the restrictions imposed by service providers.
The researchers recommended “Mobile devices should always be updated to the latest version of the OS to protect against the exploitation of vulnerabilities. Only installing apps downloaded from official app stores reduces the probability of downloading and installing a mobile malware,”
Check Point Research discovered over 400 bugs in Qualcomm’s Snapdragon DSP (Digital Signal Processor) chip in August 2020, posing a danger to mobile phone usability.