A vulnerability in the 5G modem data service could allow attackers to remotely target Android users by injecting malicious code into the phone’s modem, gaining the ability to execute code, access users’ call records and text messages, and eavesdrop on calls.
According to Check Point Research, the vulnerability (CVE-2020-11292) exists in Qualcomm’s mobile station modem (MSM) interface, which is called QMI. MSM is a system on chip (SoC) designed by Qualcomm, and QMI is a proprietary protocol for communication between software components in the modem and other peripheral subsystems.
The impact of this vulnerability may be far-reaching: MSM has been used by mobile devices since the pre-2G era of the mobile Internet. According to Check Point data, QMI is used in approximately 30% of mobile phones worldwide, including Google Pixel, LG, OnePlus, Samsung’s flagship Galaxy series, and Xiaomi phones.
A Check Point spokesperson told Threatpost that, in essence, attackers can use this vulnerability to remotely attack mobile devices through malicious or Trojanized Android applications.
He said: “Assuming a malicious application is running on a mobile phone, it can use this vulnerability to hide in the modem chip, making it invisible to all current security measures on mobile phones.”
The spokesperson said that Check Point decided not to share all the technical details of the vulnerability, so as not to give hackers a roadmap for exploiting it.
However, he pointed out: “Basically, we tried to attack the chip from the mobile phone itself, not from the carrier. We found some interesting vulnerabilities there that led to remote code execution.” Fortunately, Qualcomm has released a fix, but the rollout of the patch will be slow.
“Qualcomm said it has notified all Android vendors, and we have talked with some of them ourselves,” the spokesperson told Threatpost. “We don’t know who patched it or not. Based on our experience, these fixes will take time to implement, so many phones may still be vulnerable to threats.”
Qualcomm’s chips have had flaws before. For example, Check Point disclosed six serious flaws in Qualcomm’s Snapdragon mobile chipset at DEF CON last year. They affected 40% of Android phones in use and exposed the phones to denial-of-service and privilege escalation attacks.