qualcomm

The folks over at Israeli cybersecurity firm CheckPoint have discovered a vulnerability inside chips made by Qualcomm that could allow a malicious party to tap into your phone calls and text messages. The flaw was discovered in Qualcomm’s Mobile Station Modems (MSM), a series of system on chips used in mobile devices that allows cellular connectivity (and a host of other feature such as hi-def recording) on over 40% of phones in the world. In this case, phones that were left vulnerable were those that employ a proprietary protocol called QMI (Qualcomm MSM Interface) which allows communication between MSM software components and other subsystems on a phone.

Checkpoint notes that the vulnerability in Qualcomm’s chip could allow a hacker to inject a malicious code into the modem by various means such as an app to access users’ call history and SMS. It could even be exploited to listen to your conversations. The experts at Checkpoint estimate that QMI can be found on over 30% of all phones in the world, which means billions of devices were exposed to a possible attack. In addition to it, the flaw could also have been exploited to unlock the SIM being used on a phone.

“We discovered a vulnerability in a modem data service that can be used to control the modem and dynamically patch it from the application processor. An attacker can use such a vulnerability to inject malicious code into the modem from Android. This gives the attacker access to the user’s call history and SMS, as well as the ability to listen to the user’s conversations,” says the blog post.

In a research note, CheckPoint reveals that it informed Qualcomm about the MSM vulnerability in October last year. Qualcomm subsequently notified smartphone vendors about the issue and patches to fix the flaw started rolling out within the next few months. However, it is unclear what percentage of phones have received the necessary software updates to fix the security flaw till date. The cybersecurity firm revealed that Qualcomm MSM is present inside phones offered by the likes of OnePlus, Google, LG, and Samsung. Classified as CVE-2020-11292, the vulnerability will also be disclosed in Google’s official Android security bulletin for June.




I’ve been writing about consumer technology for over three years now, having worked with names such as NDTV and Beebom in the past. Aside from covering the latest news, I’ve reviewed my fair share of devices ranging from smartphones and laptops to smart home devices. I also have interviewed tech execs and appeared as a host in YouTube videos talking about the latest and greatest gadgets out there.

You May Also Like
pixel 6 pro onleaks digit
Pocketnow Daily: Google Pixel 6 Design CONFIRMED(?), Samsung Galaxy Unpacked Date & more! (video)
On today’s Pocketnow Daily, we talk about the possible design of the Google Pixel 6, the next Galaxy Unpacked event, and more.
samsung galaxy z flip
Samsung has a new UTG supplier for the Galaxy Z Flip 3
It seems that Samsung now has Corning as one of its supply chain partners that will help with Ultra-Thin Glass panels for the Galaxy Z Flip 3
oneplus-nord-n200-5g-featured
OnePlus Nord N200 5G costs only $239 and comes with 90Hz display
Today, OnePlus has announced its latest and one of most affordable devices,…