Qualcomm MSM Vulnerability That Could Give Access to SMS, Conversations, More Revealed; Fixes Reportedly Shared With OEMs

Technology

Qualcomm’s Mobile Station Modems (MSM) had a vulnerability that could have allowed attackers to access a user’s SMS, audio of phone conversations, and more. The vulnerability was discovered by research firm Check Point Research and it found over 400 vulnerabilities on Qualcomm’s Snapdragon Digital Signal Processor (DSP) chip in August last year. With a vast number of Android phones using Qualcomm SoCs, this would have put a mind boggling number of users’ data at risk. Qualcomm has reportedly released a patch, and Check Point Research also worked with relevant government officials as well as mobile vendors to make smartphones safer.

MSM, Check Point Research explains in a blog post, is a series of chips embedded in mobile devices and supports advanced features like 5G, 4G LTE, as well as high definition recording. It has been present in high-end phones since early 1990s. Android phones have a proprietary protocol called Qualcomm MSM Interface (QMI) that allows software components in the MSM to communicate with the cameras, fingerprint scanners, and other subsystems. Check Point Research found a vulnerability that could allow attackers to control the modem and inject malicious code into the modem from Android devices.

This would give attackers access to the user’s call history and SMS records, as well as the ability to listen in on the user’s conversations. It can also be used to unlock the SIM and bypass the limitations set by service providers. Check Point Research says that according to Counterpoint, QMI is present on around 30 percent of all mobile phones in the world. The vulnerability has been detailed in Check Point’s blog.

The vulnerability was discolored to Qualcomm by Check Point Research and was classified as a high-rated vulnerability — CVE-2020-11292. Relevant mobile vendors were informed as well. According to a report by Arstechnica, a Check Point spokesman said that Qualcomm has released a patch for the vulnerability. However, it is unclear whether vulnerable Android devices have been fixed. Qualcomm reportedly said in a statement that fixes were made available to OEMs in December 2020 and consumers are recommended to update their devices as patches become available.

Check Point also recommends users update their devices to the latest version of the OS, refrain from installing apps from third party stores, and enable ‘remote wipe’ capability on all mobile devices.


Is Mi 11X the best phone under Rs. 35,000? We discussed this on Orbital, the Gadgets 360 podcast. Later (starting at 23:50), we jump over to the Marvel series The Falcon and the Winter Soldier. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, Amazon Music and wherever you get your podcasts.

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.


Vineet Washington writes about gaming, smartphones, audio devices, and new technologies for Gadgets 360, out of Delhi. Vineet is a Senior Sub-editor for Gadgets 360, and has frequently written about gaming on all platforms and new developments in the world of smartphones. In his free time, Vineet likes to play video games, make clay models, play the guitar, watch sketch-comedy, and anime. Vineet is available on vineetw@ndtv.com, so please send in your leads and tips.
More

Facebook Removes Ukraine Political ‘Influence-for-Hire’ Network

Related Stories

Products You May Like

Articles You May Like

NCIS: Origins Season 1 Episode 10 Reveals Who Has Had The Greatest Impact On Gibbs, And It’s Not Mike Franks
Leonardo DiCaprio Rumored for Evel Knievel Movie
Did Netflix Just Tease the Kagurabachi and Akane-banashi Anime?
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
The Truth About Uniqlo vs Levi Jeans vs. 1 Tiny Japanese Denim Brand