Check Point Research Published Recentlycontains conclusions according to which a vulnerability was found in Qualcomm mobile modems that endangers millions of devices (up to 30% of smartphones running Android).
Mobile Station Modem (Mobile Station Modern,MSM) is a 2G, 3G, 4G and 5G SoC series developed by Qualcomm for making phone calls and sending SMS. Experts called the vulnerability SMU-2020-11292, and it affects the MSM itself and uses the Qualcomm MSM Interface (QMI), which ensures the integration of the modem's software modules with other device systems.
Today QMI is involved in 30%devices running Android. Using the identified vulnerability, hackers will be able to integrate malicious code directly into the modem chip. To do this, the user only needs to install a special hacker application. After installing the code, scammers gain access to listening to the user's conversations and reading SMS.
Company (manufacturer of Qualcomm modems)announced that it is aware of the vulnerability and is working to resolve the issue. Patches have already been released to fix the vulnerability. However, given the sheer number of devices with MSM, not all users will receive the update right away. Manufacturers of new smartphones will install patches on their own, which also takes a certain amount of time.
Modem manufacturer Qualcomm in the officialThe statement said that maintaining security and privacy is a top priority. In doing so, the company would like to thank the cybersecurity experts Check Point for their vigilance. Further, the company said that in December 2020, fixes were sent to all OEMs. Addressing device users, the company strongly recommends installing all updates regularly.