More than a third of all smartphones in the world are affected by a new vulnerability in the Qualcomm Mobile Station Modem (MSM). The bug gives attackers access to call history and SMS messages and even allows them to eavesdrop on conversations.

MSM is a SoC that allows devices to connect to mobile networks. It was developed back in the 90s and has been improved continuously since then, gaining support for 2G, 3G, 4G and 5G along the way.
As a result, MSM has become one of the most widespread technologies in the world today, especially among smartphone manufacturers. Specifically, Qualcomm MSM chips are used in smartphones from Google, Samsung, LG, Xiaomi, OnePlus and many other manufacturers.
Check Point experts say they have found a vulnerability in the Qualcomm MSM Interface (QMI), a protocol that allows SoCs to communicate with a smartphone’s operating system. This issue was identified as CVE-2020-11292.
According to the researchers, a malformed Type-Length-Value (TLV) packet received by the MSM over the QMI interface can trigger memory corruption (a buffer overflow), which ultimately allows attackers to execute their own code on the device.
The researchers' report states that the vulnerability cannot be exploited by a malformed TLV packet hidden inside a third-party application running in the OS (on Android in particular) when the MSM component is protected by SELinux. However, they note that the TLV packet can also be transmitted over the cellular network or inside multimedia content sent to the device; when unpacked, such a packet can reach the vulnerable QMI handler.
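As an added illustration (not code from Check Point's report or from Qualcomm's firmware), the C parser below shows the two bounds checks a QMI-style TLV handler needs in order to reject a packet of this kind before it overflows anything. The 1-byte type / 2-byte little-endian length layout, the 32-byte handler buffer and the sample messages are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TLV_HDR_LEN 3      /* assumed QMI layout: 1-byte type + 2-byte little-endian length */
#define MAX_VALUE_LEN 32   /* assumed capacity of the handler's fixed-size value buffer */
#define MAX_TLVS 8

enum tlv_status { TLV_ERR_TRUNCATED = -1, TLV_ERR_TOO_LONG = -2, TLV_ERR_TOO_MANY = -3 };

struct tlv {
    uint8_t type;
    uint16_t len;
    uint8_t value[MAX_VALUE_LEN];
};

/* Walks a TLV sequence and copies each value into a fixed buffer.
 * Returns the number of TLVs parsed, or a negative tlv_status.
 * The two checks marked below are exactly what a handler that trusts the
 * attacker-controlled length field lacks: without check 1 it reads past the
 * packet, without check 2 it writes past the destination buffer. */
int parse_tlvs(const uint8_t *pkt, size_t pkt_len, struct tlv *out, size_t max_out) {
    size_t off = 0;
    int count = 0;
    while (off < pkt_len) {
        if (pkt_len - off < TLV_HDR_LEN) return TLV_ERR_TRUNCATED;
        uint8_t type = pkt[off];
        uint16_t len = (uint16_t)(pkt[off + 1] | (pkt[off + 2] << 8));
        if (len > pkt_len - off - TLV_HDR_LEN) return TLV_ERR_TRUNCATED; /* check 1: value inside packet */
        if (len > MAX_VALUE_LEN) return TLV_ERR_TOO_LONG;                /* check 2: value fits buffer */
        if ((size_t)count >= max_out) return TLV_ERR_TOO_MANY;
        out[count].type = type;
        out[count].len = len;
        memcpy(out[count].value, pkt + off + TLV_HDR_LEN, len);
        count++;
        off += TLV_HDR_LEN + len;
    }
    return count;
}

/* Constructed well-formed message: TLV 0x01 (len 2) followed by TLV 0x10 (len 4). */
static const uint8_t good_msg[] = { 0x01, 0x02, 0x00, 0xAA, 0xBB,
                                    0x10, 0x04, 0x00, 0x01, 0x02, 0x03, 0x04 };
/* Constructed malformed message: length field claims 0xFFFF bytes, only 2 follow. */
static const uint8_t bad_msg[] = { 0x01, 0xFF, 0xFF, 0xAA, 0xBB };

int parse_sample(const uint8_t *msg, size_t msg_len) {
    struct tlv tlvs[MAX_TLVS];
    return parse_tlvs(msg, msg_len, tlvs, MAX_TLVS);
}

/* Constructed message that is consistent on the wire (40 bytes announced, 40 present)
 * but larger than the 32-byte handler buffer: the overflow case check 2 stops. */
int parse_oversized_sample(void) {
    uint8_t msg[TLV_HDR_LEN + 40] = { 0x01, 40, 0x00 };
    memset(msg + TLV_HDR_LEN, 0x41, 40);
    struct tlv tlvs[MAX_TLVS];
    return parse_tlvs(msg, sizeof msg, tlvs, MAX_TLVS);
}
```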
Although currently about 40% of all smartphones in the world use Qualcomm MSM chips, only about 30% of them are vulnerable to the attacks described by experts.
Check Point told the media that it notified Qualcomm engineers of the issue last year, and in December 2020 the company released a patch for MSM that was distributed to smartphone manufacturers. While Qualcomm says it has notified all manufacturers of the bug, the researchers do not know which companies have patched their products and which have not.
Let me remind you that I also wrote that the Kr00k problem threatened devices with Qualcomm and MediaTek Wi-Fi chips.