Android users should pay close attention to this news, because it concerns their privacy. Experts from Check Point Software Technologies have discovered a security vulnerability in Qualcomm’s mobile station modem (MSM), the chip responsible for communication in nearly 40% of Android smartphones worldwide.
This vulnerability would allow a cybercriminal to use the Android operating system as an entry point to inject malicious, invisible code into phones. As a result, the attacker could gain access to SMS messages and the audio of conversations.
Privacy and security vulnerabilities are concerning for Android users
As the number of smartphone users surpasses 3 billion worldwide, manufacturers are going all out to create different and innovative technologies to improve their devices. With such a competitive and fast-growing market, brands often rely on third parties, such as Qualcomm, to produce hardware and software for phones.
Qualcomm currently supplies a wide variety of chips that are integrated into a large number of handsets that make up more than 40% of the mobile phone market, including high-end phones from Google, Samsung, LG, Xiaomi, and OnePlus. In August 2020, Check Point Research found more than 400 vulnerabilities in Qualcomm’s Snapdragon DSP (Digital Signal Processor) chip that threatened the privacy of these devices.
The new vulnerability is in Qualcomm’s Mobile Station Modems (MSM), a series of systems on chip embedded in the devices, including its 5G MSM. It is important to note that 5G is the mobile technology standard that succeeds 4G/LTE, and countries around the world have been implementing the infrastructure since 2019. By 2024, it is estimated that there will be 1.9 billion 5G subscriptions worldwide.
What is MSM?
Qualcomm has been designing MSM for high-end phones since the early 1990s, and the chip supports advanced features such as 4G LTE and HD recording. It is clear that MSM has always been and will continue to be a major focus for cybersecurity researchers as well as cybercriminals.
Android can communicate with the MSM chip’s processor through the Qualcomm MSM Interface (QMI), a proprietary protocol that enables communication between MSM software components and other peripheral subsystems on the device, such as cameras and fingerprint scanners. According to research, QMI is present in approximately 30% of the world’s smartphones. However, little is known about its role as a potential attack vector.
Exploiting MSM data services puts user privacy at risk
Check Point Research (CPR) found that if a cybersecurity researcher wants to implement a modem debugger to explore the latest 5G code, the easiest way would be to attack MSM data services via QMI, which a cybercriminal could also do. During the research, they discovered a vulnerability in a modem data service that can be used to control the modem and patch it dynamically from the application processor.
This means that a cybercriminal could use this weakness to inject malicious code into the modem from Android, giving them access to call history, SMS messages, and conversations. They could even exploit it to unlock the SIM, thus overcoming the limitations that service providers impose on it.
For CPR, this research represents a leap forward in the area of mobile chips. The finding of this weakness is expected to enable much easier inspection of modem code by researchers, a task that is notoriously difficult to perform today.
Check Point Research responsibly reported the information found in this research to Qualcomm, which confirmed the issue, rated it as a high-severity vulnerability, tracked it as CVE-2020-11292, and notified the relevant device vendors.