Security researchers discovered a vulnerability in a Qualcomm cellular chip.
A new report from Ars Technica explains that Check Point Research found a security vulnerability in Qualcomm’s mobile station modem (MSM), the chip responsible for cellular communication in nearly 40 percent of the world’s phones.
If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones, granting them access to SMS messages and audio of phone conversations.
The heap overflow vulnerability, called CVE-2020-11292, resides in the QMI voice service API exposed by the modem to the high level operating system, and could be exploited by a malicious app to conceal its activities “underneath” the OS in the modem chip itself, thus making it invisible to the security protections built into the device.
“This means an attacker could have used this vulnerability to inject malicious code into the modem from Android, giving them access to the device user’s call history and SMS, as well as the ability to listen to the device user’s conversations,” the researchers wrote. “A hacker can also exploit the vulnerability to unlock the device’s SIM, thereby overcoming the limitations imposed by service providers on it.”
Check Point disclosed their findings to Qualcomm in October, who later confirmed their research, rated the security bug as a high severity vulnerability and notified the relevant vendors.
“We ultimately proved a dangerous vulnerability did in fact exist in these chips, revealing how an attacker could use the Android OS itself to inject malicious code into mobile phones, undetected,” said Yaniv Balmas, Check Point’s Head of Cyber Research.
“Going forward, our research can hopefully open the door for other security researchers to assist Qualcomm and other vendors to create better and more secure chips, helping us foster better online protection and security for everyone.”
“Providing technologies that support robust security and privacy is a priority for Qualcomm,” the company said in a statement. “We commend the security researchers from Check Point for using industry-standard coordinated disclosure practices. Qualcomm Technologies has already made fixes available to OEMs in December 2020, and we encourage end users to update their devices as patches become available.”