Qualcomm, a flaw jeopardizes call privacy on Android
A group of IT experts working for Check Point Research have discovered a vulnerability in the Qualcomm SoC widely used on Android smartphones. It could, theoretically, allow a malicious application to patch Qualcomm’s MSM modem chip software, giving it access to call and text history or even the ability to record conversations. Let’s find out more about it.
The security flaw of Qualcomm SoCs
As the cybersecurity firm claims, the problem is extremely technical and difficult to explain. But to put it simply, vulnerabilities have been found in the connections between the software layer Qualcomm Modem Interface (QMI) the modem and the debugger service, allowing you to dynamically patch software and bypass the usual security mechanisms. Standard third-party apps don’t have security privileges to access QMI, but if the more critical aspects of Android were compromised, this attack could be used.
With the vulnerabilities they discovered, researchers determined that a malicious app could listen to and record an active phone call, get call and SMS recordings, or even unlock a SIM card. Check Point estimates that the QMI software it has discovered as vulnerable is present in approximately 40% of smartphonesfrom vendors including Samsung, Google, LG, OnePlus, Xiaomi and others.
The hope of all is that we will be able to intervene immediately and eliminate this dangerous risk to the security and privacy of users. On this, a spokesperson for the chip company put it: “Providing technologies that support robust security and privacy is a priority for Qualcomm. We commend the Check Point security researchers for using industry standard coordinated disclosure practices. Qualcomm Technologies has already made fixes available to OEMs in December 2020 and we encourage end users to update their devices as soon as the patches become available. “