Due to the CVE-2020-11292 vulnerability that Check Point Research discovered in Qualcomm SoC modems, attackers can gain access to confidential information quietly and with no action required. In particular, they can listen to conversations, read SMS messages, and study the call history. According to experts, about 30% of all smartphones with Qualcomm platforms are affected by the vulnerability. That amounts to tens of millions of devices.
“This means an attacker could have used this vulnerability to inject malicious code into the modem from Android, giving them access to the device user’s call history and SMS, as well as the ability to listen to the device user’s conversations,” the researchers wrote. “A hacker can also exploit the vulnerability to unlock the device’s SIM, thereby overcoming the limitations imposed by service providers on it.”
Severe security issue found in Qualcomm mobile chip modems
Based on the description of the vulnerability, hackers or even the smartphone manufacturer itself are capable of injecting malicious code into Qualcomm’s Mobile Station Modem firmware. This allows the malware to remain unnoticed: only specialists can detect it, and only through the most thorough and in-depth study of the smartphone's behavior. The vulnerability itself was discovered by cybersecurity experts using fuzzing. In essence, the device's chip is subjected to atypical incoming signals, and this makes it possible to detect errors in the firmware.
The “hole” itself in Qualcomm processor modems was discovered back in October last year, and Check Point Research immediately reported it to Qualcomm. In December last year, the chipmaker released a patch to close the vulnerability and notified all of its customers who are using the affected chips. However, distributing the patch takes some time, and it is possible that a huge number of smartphones still remain at risk. The vulnerability itself should appear in the Android public bulletin for June this year.
“From our experience, the implementation of these fixes takes time, so some of the phones may still be prone to the threat,” Check Point spokesman Ekram Ahmed said in an email. “Accordingly, we decided not to share all the technical details, as it would give hackers a roadmap on how to orchestrate an exploitation.”
“We believe this research to be a potential leap in the very popular area of mobile chip research,” Check Point researchers wrote. “Our hope is that our findings will pave the way for a much easier inspection of the modem code by security researchers, a task that is notoriously hard to do today.”