A high severity security vulnerability found in Qualcomm's Mobile Station Modem (MSM) chips (including the latest 5G-capable versions) could enable attackers to access mobile phone users' text messages and call history, and to listen in on their conversations.
Qualcomm MSM is a series of 2G, 3G, 4G, and 5G capable system on chips (SoCs) used in roughly 40% of mobile phones by multiple vendors, including Samsung, Google, LG, OnePlus, and Xiaomi.
"If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones," according to Check Point researchers, who found the vulnerability tracked as CVE-2020-11292.
The security flaw could also enable attackers to unlock the subscriber identity module (SIM) that mobile devices use to store network authentication data and contact information securely.
Exploitable by malware to evade detection
To exploit CVE-2020-11292 and take control of the modem, dynamically patching it from the application processor, attackers have to abuse a heap overflow weakness in the Qualcomm MSM Interface (QMI), the protocol the company's cellular processors use to communicate with the software stack.
Malicious apps could also use the vulnerability to hide their activity under the cover of the modem chip itself, effectively making themselves invisible to the security features Android uses to detect malicious activity.
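The bug class the article describes, as an added example that is neither Check Point's proof of concept nor Qualcomm code: a QMI-style TLV handler that trusts the attacker-supplied TLV length when copying into a fixed-size modem buffer, beside a hardened version that rejects oversized values. The three-byte TLV header (1-byte type, 2-byte little-endian length) follows the documented QMI wire format; the TLV type 0x10, the 16-byte number field and the flag stored after it are assumptions made for illustration, and the "modem record" is a plain byte arena so that the overwrite is observable without undefined behaviour.

```c
/* Added example, not Check Point's PoC or Qualcomm code. Demonstrates the
 * unchecked-length TLV copy that turns a QMI message from the application
 * processor into a modem heap overflow, and the length check that closes it. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NUMBER_MAX 16      /* size of the number field in the record (assumed) */
#define REC_SIZE   20      /* number[16] followed by a 4-byte flag (assumed layout) */
#define TLV_NUMBER 0x10    /* TLV type carrying a dialled number (assumed) */

typedef int (*number_handler)(uint8_t *rec, const uint8_t *msg, size_t msg_len);

/* The flag that lives right behind the number buffer. In a real modem heap
 * these bytes would belong to a neighbouring object; here they are in the
 * same allocation so the corruption can be inspected safely. */
static uint32_t record_flag(const uint8_t *rec)
{
    uint32_t v;
    memcpy(&v, rec + NUMBER_MAX, sizeof v);
    return v;
}

/* Walk the TLVs of a QMI message body (type:1, len:2 LE, value) and return the
 * offset and length of the first TLV of the wanted type; -1 if absent or if a
 * TLV claims more bytes than the message actually carries. */
static int find_tlv(const uint8_t *msg, size_t msg_len, uint8_t want,
                    size_t *val_off, size_t *val_len)
{
    size_t off = 0;
    while (off + 3 <= msg_len) {
        uint8_t type = msg[off];
        size_t len = msg[off + 1] | ((size_t)msg[off + 2] << 8);
        if (off + 3 + len > msg_len)
            return -1;
        if (type == want) {
            *val_off = off + 3;
            *val_len = len;
            return 0;
        }
        off += 3 + len;
    }
    return -1;
}

/* Vulnerable handler: the TLV length is attacker controlled and is used as the
 * copy size for a 16-byte destination. A 20-byte value overwrites the flag. */
int handle_number_vulnerable(uint8_t *rec, const uint8_t *msg, size_t msg_len)
{
    size_t off, len;
    if (find_tlv(msg, msg_len, TLV_NUMBER, &off, &len) != 0)
        return -1;
    memcpy(rec, msg + off, len);           /* overflow when len > NUMBER_MAX */
    return 0;
}

/* Hardened handler: bound the copy by the destination size and reject, rather
 * than silently truncate, anything larger. */
int handle_number_fixed(uint8_t *rec, const uint8_t *msg, size_t msg_len)
{
    size_t off, len;
    if (find_tlv(msg, msg_len, TLV_NUMBER, &off, &len) != 0)
        return -1;
    if (len > NUMBER_MAX)
        return -2;
    memcpy(rec, msg + off, len);
    memset(rec + len, 0, NUMBER_MAX - len);
    return 0;
}

/* Constructed input: one number TLV whose value is num_len bytes long. The
 * first 16 bytes are digits; bytes 16..19, when present, encode the flag 1. */
static size_t build_number_msg(uint8_t *out, size_t num_len)
{
    uint8_t payload[20] = { 0 };
    memset(payload, '1', NUMBER_MAX);
    payload[16] = 0x01;                    /* little-endian 1 */
    out[0] = TLV_NUMBER;
    out[1] = (uint8_t)(num_len & 0xff);
    out[2] = (uint8_t)(num_len >> 8);
    memcpy(out + 3, payload, num_len);
    return 3 + num_len;
}

/* Feed a num_len-byte number TLV (at most 20) to a handler on a fresh record and
 * return the flag afterwards; *rc receives the handler's return code. */
uint32_t flag_after(number_handler handler, size_t num_len, int *rc)
{
    uint8_t msg[32];
    size_t n = build_number_msg(msg, num_len);
    uint8_t *rec = calloc(1, REC_SIZE);
    *rc = handler(rec, msg, n);
    uint32_t flag = record_flag(rec);
    free(rec);
    return flag;
}

int main(void)
{
    int rc;
    printf("vulnerable, 20-byte TLV: rc=%d flag=%u\n", (rc = 0, 0), flag_after(handle_number_vulnerable, 20, &rc));
    printf("fixed,      20-byte TLV: rc=%d flag=%u\n", rc, flag_after(handle_number_fixed, 20, &rc));
    return 0;
}
```

The vulnerable path returns success and leaves the flag set to 1, because the TLV value ran past the 16-byte field; the hardened path returns -2 and the flag stays 0. A real fix also needs the same bound applied wherever the QMI service copies TLV values, not just in one handler.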
"We ultimately proved a dangerous vulnerability did in fact exist in these chips, revealing how an attacker could use the Android OS itself to inject malicious code into mobile phones, undetected," Yaniv Balmas, Check Point Head of Cyber Research, told BleepingComputer.
"Going forward, our research can hopefully open the door for other security researchers to assist Qualcomm and other vendors to create better and more secure chips, helping us foster better online protection and security for everyone."
Check Point disclosed its findings to Qualcomm in October 2020; Qualcomm later confirmed the research, rated the bug as a high severity vulnerability and notified the relevant vendors.
To defend against malware exploiting this or similar security bugs, Check Point advises users to update their devices to the latest released OS versions, which usually ship with security updates.
Additionally, installing apps only from official app stores should significantly reduce the risk of accidentally installing malicious applications.
More technical details on the CVE-2020-11292 vulnerability are available in the report Check Point published today.
Security updates issued to OEMs in December
After receiving Check Point's report, Qualcomm developed security updates to address CVE-2020-11292 and made them available to all impacted vendors two months later, in December 2020.
"Providing technologies that support robust security and privacy is a priority for Qualcomm," a Qualcomm spokesperson told BleepingComputer.
"We commend the security researchers from Check Point for using industry-standard coordinated disclosure practices.
"Qualcomm Technologies has already made fixes available to OEMs in December 2020, and we encourage end-users to update their devices as patches become available."
Given that Qualcomm sent CVE-2020-11292 patches to OEMs last year, Android users with newer devices that still receive system and security updates should be protected against attempts to exploit the bug, provided they have installed those updates.
Unfortunately, those who have not switched to a new device with support for newer Android releases in the last couple of years might not be so lucky.
To put things into perspective, roughly 19% of all Android devices are still running Android 9.0 Pie (released in August 2018) and over 9% Android 8.1 Oreo (released in December 2017), according to StatCounter data.
Last year, Qualcomm fixed more vulnerabilities, affecting the Snapdragon Digital Signal Processor (DSP), that allow attackers to take control of smartphones without user interaction, spy on their users, and create unremovable malware capable of evading detection.
KrØØk, a security flaw that can be used to decrypt some WPA2-encrypted wireless network packets, was also fixed by Qualcomm in July 2020.
Another bug that could allow access to critical data, and two flaws in the Snapdragon SoC WLAN firmware allowing over-the-air compromise of the modem and the Android kernel, were patched one year earlier, in 2019.