Hundreds of millions of smartphones worldwide are vulnerable to a security bug, that could allow an attacker to hijack phones and snoop on users. The vulnerability was found in Qualcomm’s Mobile Station Modem Interface, which can be exploited for remote code execution and access the users’ SMS, call history, and conversations. A patch for this was made by Qualcomm already but should be rolling to users worldwide yet.
RCE Vulnerability in Qualcomm Chips
As the Checkpoint researchers pointed out, smartphones housing Qualcomm chips are vulnerable to a security bug that can lead to various breaches. The concerned vulnerability was found in Qualcomm’s Mobile Station Modem Interface, which lets the chip communicate with the device’s OS for performing various functions.
Hackers breaching this can “control the modem and dynamically patch it from the application processor.” This ultimately lets them inject a malicious code into the modem, and achieve access to the device’s call history, SMS and snoop on conversations. Also, they can unlock the SIM that was laid by the service provider, thus giving them more flexibility.
This vulnerability (CVE-2020-11292) was first reported to Qualcomm by Checkpoint in October last year, which in return notified device OEMs too. Qualcomm has returned with a patch for the security bug by December, but it’s the device OEMs’ job to supply to end-users. This supply chain constraint is what putting millions of smartphones at risk now.
As per statistics, there are over 30% of smartphones on the market possessing Qualcomm chips and are vulnerable. Thus, Qualcomm and researchers urge users to apply the patch immediately if made available by their respective smartphone vendors. Finally, Qualcomm appreciated the researchers’ efforts in surfacing this vulnerability and decided to publish details on this in June’s public Android bulletin.
Other Trending News:- News