A vulnerability found in chips manufactured by Qualcomm that are used in 40% of the world’s smartphones can allow an attacker to inject malicious code.The vulnerability is found in Qualcomm’s mobile station modem, the chip responsible for cellular communication. MSM is designed for high-end phones and supports advanced features such as 4G LTE and high-definition recording.
The vulnerability was discovered when a security researcher went to implement a modem debugger to explore the latest 5G code. During the investigation, it was discovered that the vulnerability in the modem data service can be used to control the modem and dynamically patch it from the application processor.
An attacker could inject malicious code into the modem from Android, giving them access to the device user’s call history and SMS as well as the ability to listen to the device user’s conversions. An attacker could also unlock the device’s SIM, overcoming any limitations imposed by service providers.
Qualcomm said that it had already made fixes available to original equipment manufacturers in December, though the current status of the rollout by smartphone makers is unknown. The patch may have been rolled out to recent smartphones but often companies abandon providing support updates for devices after a certain number of years.