Slava Makkaveev, from Check Point Software Technologies, published a blog post on Thursday showing a security flaw in Qualcomm’s Mobile Station Modem Interface. It can be exploited to control the modem and dynamically patch it from the application processor.
An attacker could use the flaw to enter malicious code into the modem from Android. With that, they could get access to the call history and SMS, as well as the capability to listen in on conversations.
Makkaveev wrote that a hacker could use the vulnerability to unlock the SIM and bypass the limitations imposed by services providers on the device.
Patches were dispatched
He added that the Qualcomm Mobile Station Modem Interface enables the chip to communicate with the operating system running the phone. The Check Point report says that Qualcomm Mobile Modem Interface can be found in about 30% of all smartphones in the world today.
Do not worry though, since Check Point notified Qualcomm about this and it tracked the vulnerability as CVE-2020-11292, calling it a ‘high rated vulnerability.’ Patches were sent to the smartphone makers in the fall of 2020, according to Qualcomm’s statement.
The supply chain strikes again
The chip has been used in cellphones and smartphones since the 1990s and has been updated over the years to cope with the transitions from 2G to 3G to 4G and now 5G. Samsung, Xiaomi, One Plus and Google, are just some of the brands that have been using the chip.
Setu Kulkarni, the Veep of strategy at WhiteHat Security said that this was one of the many examples where the supply chain problem plagues phone vendors, the Android OS, the apps on the Play Store, and Qualcomm.
Time will tell if supply chain fixes will prevent such events.