Qualcomm bug leaves 31 percent of smartphones vulnerable to eavesdropping

Posted on Friday, May 07 2021 @ 09:34 CEST by Thomas De Maesschalck
IBM  logo
Check Point Research security researchers discovered a grave vulnerability in a Qualcomm chip that's used by high-end smartphones made by companies like Google, Samsung, LG, Xiaomi, and OnePlus. A heap overflow vulnerability could potentially be exploited by an attacker to install malware inside Qualcomm’s Mobile Station Modem.

About 31 percent of smartphones are affected

Given how widespread these chips are, it's estimated that 31 percent of the world's smartphones are vulnerable to this attack. Attackers could gain access to a device's call and SMS history, as well as eavesdrop on a user's conversation. ARS Technica writes Qualcomm has issued a patch but the implementation of these fixes will likely take a lot of time.
The vulnerability is tracked as CVE-2020-11292. Check Point discovered it by using a process known as fuzzing, which exposed the chip system to unusual inputs in an attempt to find bugs in the firmware. Thursday’s research provides a deep dive into the inner workings of the chip system and the general outline they used to exploit the vulnerability.

The research is a reminder that phones and other modern-day computing devices are actually a collection of dozens if not hundreds of interconnected computing devices. While successfully infecting individual chips typically requires nation-state-level hacking resources, the feat would allow an attacker to run malware that couldn’t be detected without time and money.
In the meantime, it's unclear which phones are vulnerable and which ones are not. Many older smartphones are unlikely to get a fix.


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments