A high-risk security vulnerability in Qualcomm mobile chip can impact nearly 40 percent of the high-end smartphones from Google, Samsung, LG, Xiaomi and OnePlus.
A vulnerability in Qualcomm mobile station modem (MSM) would have allowed cyber attackers to use Google’s Android OS itself as an entry point to inject malicious and invisible code into phones, granting them access to SMS messages and audio of phone conversations, according to Check Point Research.
Vulnerability could have potentially allowed an attacker to unlock a mobile device’s SIM. Qualcomm has confirmed the bug and fixed the issue and informed mobile phone suppliers, IANS reported.
The chip-maker classified the high-rated vulnerability as CVE-2020-11292, notifying the relevant device makers.
Qualcomm provides a variety of chips that are embedded into devices that make up over 40 percent of the mobile phone market.
According to Counterpoint Research, Qualcomm’s Mobile Station Modem is a system of chips that provides capabilities for things like voice, SMS, and high-definition recording, mostly on higher-end devices.
Smartphone makers can customize the chips so they do additional things like handle SIM unlock requests. The mobile phone chips run in 31 percent of the world’s smartphones, according to figures from Counterpoint Research.
“During our investigation, we discovered a vulnerability in a modem data service that can be used to control the modem and dynamically patch it from the application processor,” Check Point Research said in a blog post.
This means an attacker could have used this vulnerability to inject malicious code into the modem from Android, giving them access to the device user’s call history and SMS, as well as the ability to listen to the device user’s conversations, Check Point Research said.
A hacker can also exploit the vulnerability to unlock the device’s SIM, overcoming the limitations imposed by service providers on it.
Mobile devices should be updated to the latest version of the OS to protect against the exploitation of vulnerabilities. Only installing apps downloaded from official app stores reduces the probability of downloading and installing a mobile malware.
In August 2020, Check Point Research found over 400 vulnerabilities on Qualcomm’s Snapdragon DSP (Digital Signal Processor) chip that threatened the usability of mobile phones.