IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Qualcomm modem flaw puts millions of Android users at risk

Vulnerability found in the chipmaker's Mobile Station Modem could allow hackers to listen to user conversations, although Qualcomm has downplayed the threat

The Android robot in front of lines of code

Checkpoint security researchers have found an exploit in Qualcomm's modem software that can be used to take control of Android devices.

The vulnerability resides in the chipmaker's Mobile Station Modem (MSM), which is a series of system on chips that reside on modems embedded in around 40% of smartphones on the market.

The researchers discovered a flaw that can be used to control the modem and patch it to a device's application processor. Through this, an attacker could inject malicious code into the modem from the operating system and theoretically gain access to a user's call and SMS history, while also providing a way to listen to live conversations.

Checkpoint has so far decided against publishing the full technical details of the exploit until mobile vendors have had the opportunity to release fixes, although the company said it is working with relevant government officials and mobile vendors to assist with this process.

MSM was designed for high-end smartphones and can be found in devices made by Samsung, Google, OnePlus, and Xiaomi. It supports features like 4G LTE and high definition recording and is said to be a popular target for cyber criminals.

Related Resource

Go further with mobile marketing

Easy steps to get your mobile strategy up-to-speed

Easy steps to get your mobile strategy up-to-speed - whitepaper from OracleDownload now

The Android OS communicates with the MSM chip's processor, via the Qualcomm MSM Interface (QMI), and connects to software components in the MSM and other peripheral systems within the device, such as cameras and fingerprint scanners. QMI is in around 30% of all mobiles in the world, according to Checkpoint, but little is known about its potential to be used as an attack vector.

Checkpoint said the discovered vulnerability is a potential leap in mobile chip research that it hopes will allow for a much easier inspection of the modem code by security researchers. The firm has disclosed its findings to Qualcomm, which also confirmed the issue as a "high-rated" vulnerability.

However, Qualcomm has since downplayed the significance of the vulnerability. In a statement to IT Pro, a company spokesperson said: “Providing technologies that support robust security and privacy is a priority for Qualcomm. We commend the security researchers from Check Point for using industry-standard coordinated disclosure practices.

"Qualcomm Technologies has already made fixes available to OEMs in December 2020, and we encourage end-users to update their devices as patches become available," the spokesperson added, suggesting that many fixes will have already been delivered by manufacturers over the past sixth months.

There also does not appear to be any evidence that the flaw has been exploited in the wild.

To secure a device, Checkpoint recommends following mobile-specific best practices, such as updating to the latest version of Android, only downloading apps from official stores, enabling a 'remote wipe' capability and also installing a security service on your device. 

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Delivery firm Yodel disrupted by cyber attack
cyber attacks

Delivery firm Yodel disrupted by cyber attack

21 Jun 2022
Salaries for the least popular programming languages surge as much as 44%

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022