There are more than 3 billion smartphone users in the world, and nearly one-third of them carry a Qualcomm baseband chip that has now been found to contain a serious vulnerability. This means an attacker could unlock the SIM and listen in on the calls of hundreds of millions of people. Compared with the Bluetooth vulnerability, the security risk in Qualcomm's mobile chipset is far more serious. Unfortunately, even though Android dominates the smartphone market, the fix cannot be pushed quickly to every affected handset.
Samsung, LG, Google, OnePlus, Xiaomi and other manufacturers are not immune. According to a research report by the security company Check Point, it found more than 400 vulnerabilities in the digital signal processor (DSP) subsystem of the Qualcomm Snapdragon chipset last year. Fortunately, Qualcomm eventually fixed those in November 2020.
Recently, however, researchers have discovered another serious security hole in the Qualcomm baseband chip, the Mobile Station Modem (MSM). The MSM is a system-on-chip responsible for the processing, management and wireless networking functions of a modern mobile device.
Qualcomm put out the first-generation MSM design as early as 1990, and today the chip is used in about 40% of the world's smartphones. Check Point's new research reveals how malicious actors could exploit a vulnerability in the MSM to attack those devices.
Specifically, the researchers studied the Qualcomm MSM Interface (QMI), the proprietary protocol the modem uses to communicate with the other components and peripherals of an Android smartphone. QMI is present on about 30% of smartphones worldwide.
It turns out that an attacker can exploit this vulnerability through a malicious app, for example one side-loaded onto the phone or obtained from a third-party app store. Check Point found the flaw by fuzzing the MSM data services.
Through it, the attacker can inject malicious code into Qualcomm's real-time operating system (QuRT), which runs the MSM. That should not be possible from the Android side at all, not even on a device that has already been rooted.
TechSpot points out that the QMI voice service is one of the many services the MSM exposes to the Android operating system. It can be used to take over the MSM and inject code into QuRT. From there the attacker can read the victim's SMS messages and call history and start listening in on voice calls. The same vulnerability can also be used to unlock the SIM card, bypassing the security measures put in place by Google and the phone manufacturers.
Fortunately, Qualcomm has disclosed the vulnerability (CVE-2020-11292) to all affected customers and issued a patch in December 2020. To find out which phones have received the patch, watch the Android Security Bulletin due in June.
Finally, since many Android manufacturers provide major updates for only two years, many entry-level devices may not get this patch quickly, or may get no security updates at all. Either way, the vulnerability affects hundreds of millions of smartphone users worldwide, and even the latest Qualcomm Snapdragon 888 and 870 5G SoCs are not spared.
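Since the fix reaches handsets only through the monthly security patch level, the practical question for a user or fleet administrator is whether a given phone's patch level is at or after the one that carries the fix. The following script is an added example, not code from the article, Check Point or Qualcomm. It reads the patch level over adb and compares it with a required level; the `2021-06-05` value is an assumption chosen for illustration and must be confirmed against the Android Security Bulletin before it is relied on.

```shell
#!/bin/sh
# Added example, not part of the article: check whether an Android device's
# security patch level is at or after the level assumed to carry the fix for
# CVE-2020-11292. REQUIRED_LEVEL is an assumption for illustration; confirm the
# real level against the Android Security Bulletin before relying on it.

REQUIRED_LEVEL="2021-06-05"

# Return 0 if the argument is a well-formed YYYY-MM-DD patch level string.
is_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# patch_level_covers DEVICE_LEVEL REQUIRED_LEVEL
# Return 0 if DEVICE_LEVEL is on or after REQUIRED_LEVEL, 1 if it is older,
# and 2 if either value is malformed (a malformed value is "not covered").
patch_level_covers() {
    if ! is_patch_level "$1" || ! is_patch_level "$2"; then
        echo "malformed patch level: '$1' / '$2'" >&2
        return 2
    fi
    # Strip the dashes so ISO dates compare as integers (2021-06-05 -> 20210605).
    dev=$(printf '%s' "$1" | tr -d '-')
    req=$(printf '%s' "$2" | tr -d '-')
    [ "$dev" -ge "$req" ]
}

# Read the patch level from a connected device over adb (requires adb in PATH
# and USB debugging enabled; this is the only part that touches a real phone).
device_patch_level() {
    adb shell getprop ro.build.version.security_patch | tr -d '\r\n'
}

# Run the live check only when asked for, so the functions above can be
# sourced or tested without a device attached:  QMI_CHECK=1 sh check_patch.sh
if [ -n "${QMI_CHECK:-}" ]; then
    level=$(device_patch_level)
    if patch_level_covers "$level" "$REQUIRED_LEVEL"; then
        echo "patch level $level: at or after $REQUIRED_LEVEL"
    else
        echo "patch level $level: older than $REQUIRED_LEVEL or unreadable"
        exit 1
    fi
fi
```

Note that a patch level on or after the required date only tells you the vendor built that month's fixes into the image; for Qualcomm closed-source components it is still worth checking the bulletin entry for the specific CVE, since OEMs occasionally ship a patch level without every component update.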