Qualcomm MSM Vulnerability That Could Give Access to SMS, Conversations, More Revealed; Fixes Reportedly Shared With OEMs
Qualcomm said in a statement that fixes were shared with OEMs in December 2020.
Advertisement
Highlights
- Qualcomm has reportedly issues fixes for the vulnerability
- It is unclear which phones have been fixed
- Qualcomm MSM vulnerability could have allowed access to SMS, calls, etc
Qualcomm MSM supports advanced features like 5G, 4G LTE, and more
Photo Credit: Check Point Research
Qualcomm's Mobile Station Modems (MSM) had a vulnerability that could have allowed attackers to access a user's SMS, audio of phone conversations, and more. The vulnerability was discovered by research firm Check Point Research and it found over 400 vulnerabilities on Qualcomm's Snapdragon Digital Signal Processor (DSP) chip in August last year. With a vast number of Android phones using Qualcomm SoCs, this would have put a mind boggling number of users' data at risk. Qualcomm has reportedly released a patch, and Check Point Research also worked with relevant government officials as well as mobile vendors to make smartphones safer.
MSM, Check Point Research explains in a blog post, is a series of chips embedded in mobile devices and supports advanced features like 5G, 4G LTE, as well as high definition recording. It has been present in high-end phones since early 1990s. Android phones have a proprietary protocol called Qualcomm MSM Interface (QMI) that allows software components in the MSM to communicate with the cameras, fingerprint scanners, and other subsystems. Check Point Research found a vulnerability that could allow attackers to control the modem and inject malicious code into the modem from Android devices.
This would give attackers access to the user's call history and SMS records, as well as the ability to listen in on the user's conversations. It can also be used to unlock the SIM and bypass the limitations set by service providers. Check Point Research says that according to Counterpoint, QMI is present on around 30 percent of all mobile phones in the world. The vulnerability has been detailed in Check Point's blog.
The vulnerability was discolored to Qualcomm by Check Point Research and was classified as a high-rated vulnerability — CVE-2020-11292. Relevant mobile vendors were informed as well. According to a report by Arstechnica, a Check Point spokesman said that Qualcomm has released a patch for the vulnerability. However, it is unclear whether vulnerable Android devices have been fixed. Qualcomm reportedly said in a statement that fixes were made available to OEMs in December 2020 and consumers are recommended to update their devices as patches become available.
Advertisement
Check Point also recommends users update their devices to the latest version of the OS, refrain from installing apps from third party stores, and enable ‘remote wipe' capability on all mobile devices.
Is Mi 11X the best phone under Rs. 35,000? We discussed this on Orbital, the Gadgets 360 podcast. Later (starting at 23:50), we jump over to the Marvel series The Falcon and the Winter Soldier. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.
Further reading:
Qualcomm, Mobile Station Modems, Check Point Research, Qualcomm MSM Interface, Qualcomm vulnerability
Advertisement