Qualcomm closes vulnerability that allows eavesdropping on smartphone modem
Qualcomm issued a patch to smartphone manufacturers last December for a vulnerability that allowed access to its modems. The vulnerability would affect thirty percent of all mobile phones in the world, security company Check Point claims.
In a statement to American media such as Ars Technica, Qualcomm says that it made fixes available in December 2020. The company advises users of Android smartphones to install the latest updates from the manufacturers.
The vulnerability is in the Qualcomm MSM Interface protocol. An attacker could trigger a heap overflow in devices using a Qualcomm Mobile Station Modem through the Qualcomm MSM Interface API. The vulnerability was discovered by researchers at Check Point Research. Such an MSM is in high-end Android phones from many manufacturers. The researchers found the vulnerability last year in the Snapdragon 855 of a Google Pixel 4. Qualcomm confirmed to Check Point in October that it was able to reproduce the vulnerability.
That Interface API gives Android the ability to communicate with the MSM, and through that interface the MSM can communicate with other parts of a smartphone, such as the camera and fingerprint scanner. For that communication, however, it opens logical ports towards the CPU of the phone. The traffic on those ports can be intercepted if an attacker has access to the firmware of that MSM.
Check Point reported the vulnerability to Qualcomm on October 8 last year. In December, the vulnerability was patched by Qualcomm and manufacturers using the chip were notified. According to Qualcomm, the vulnerability has not yet been actively exploited. To find the vulnerability, Check Point had to reverse engineer, among other things, Qualcomm’s real-time OS, QuRT.