

A vulnerability found in chips manufactured by Qualcomm Inc. that are used in 40% of the world’s smartphones can allow an attacker to inject malicious code.
Discovered and publicized today by security researchers at Check Point Software Technologies Ltd., the vulnerability is found in Qualcomm’s mobile station modem, the chip responsible for cellular communication. MSM is designed for high-end phones and supports advanced features such as 4G LTE and high-definition recording.
The vulnerability was discovered when a security researcher went to implement a modem debugger to explore the latest 5G code. During the investigation, it was discovered that the vulnerability in the modem data service can be used to control the modem and dynamically patch it from the application processor.
With this ability, attackers could inject malicious code into the modem from Android, giving them access to the device user’s call history and SMS as well as the ability to listen to the device user’s conversations. An attacker could also unlock the device’s SIM, overcoming any limitations imposed by service providers.
The MSM can be found in higher-end devices made by Google LLC, Samsung Electronics Co. Ltd., LG Inc., Xiaomi Inc. and OnePlus Technology Co. Ltd. The vulnerability was discovered in 2020 and Check Point informed Qualcomm at the time.
Qualcomm said that it had already made fixes available to original equipment manufacturers in December, though the current status of the rollout by smartphone makers is unknown. The patch may have been rolled out to recent smartphones, but companies often stop providing support updates for devices after a certain number of years. That means older devices will not receive a security update and hence remain vulnerable.
“This newest security issue with Qualcomm highlights the importance of thorough security vetting pre and post-deployment,” Shachar Menashe, vice president security at product security company Vdoo Connected Trust Ltd., told SiliconANGLE. “In this case, it seems we are dealing with a privilege escalation vulnerability, which means it lets potential attackers run code on the Qualcomm modem if you already have high privileges on the Android application layer.”
“Automated analysis can help identify zero-day vulnerabilities and configuration risks, even in closed-source components,” Menashe added. “Manufacturers need to trust that their third-party components are secure, especially when these systems are used in nearly 40% of the mobile phones sold today.”