Mobile, News

Qualcomm Processors Have A Worrying Security Flaw

Leave a comment

Qualcomm provides processors for nearly every smartphone OEM you can think of. The company’s success in providing stable, powerful systems on a chip (SoCs) have made it one of the largest suppliers in the world. However, the dependency on a single provider may not bode well for OEMs with a crucial vulnerability being discovered in these SoCs.

green and white lights
Photo by cottonbro on Pexels.com

An Isreali cybersecurity research firm called CheckPoint Research has found a crucial flaw in Qualcomm’s MSM (Mobile Station Modems) that could potentially affect user privacy. The MSM is an SoC itself which allows smartphones using Qualcomm’s processors to connect to cellular networks such as 2G, 3G, 4G and 5G. It also enables a slew of features that complement the connectivity including high definition recording of calls.

The vulnerability affects a protocol called the Qualcomm MSM Interface (QMI) which facilitates communication between MSM’s software components and other systems on the device it’s been deployed in. This vulnerability allows malicious actors (ie hackers) to inject malicious code into the modem. They can do this by deploying apps or other more intricate ways to access data such as user call history and SMS. The fact that the vulnerability could even be exploited to listen in to you conversations and unlock the SIM on the phone is all the more alarming.

Photo by Daniel Romero on Unsplash

Given the proliferation of Qualcomm processors in the market, an estimated 30% of devices worldwide are affected by the security vulnerability. However, in a research note, CheckPoint does indicate that Qualcomm has been notified of the vulnerability since October last year. Since then, Qualcomm and manufacturers such as Samsung have already been deploying fixes for the vulnerability. Of note, the vulnerability will be listed in Google’s next monthly Android Security bulletin. Samsung has indicated that the May 2021 patch does address the vulnerability and has been patching the vulnerability silently since January 2021.

The vulnerability classified as CVE-2020-11292 and has been noted to affect smartphones from OnePlus, OPPO, Google, LG, Samsung and more.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.