May 28, 2023

A vulnerability found in chips manufactured by Qualcomm that are used in 40% of the world’s smartphones can allow an attacker to inject malicious code.The vulnerability is found in Qualcomm’s mobile station modem, the chip responsible for cellular communication. MSM is designed for high-end phones and supports advanced features such as 4G LTE and high-definition recording.

The vulnerability was discovered when a security researcher went to implement a modem debugger to explore the latest 5G code. During the investigation, it was discovered that the vulnerability in the modem data service can be used to control the modem and dynamically patch it from the application processor.

An attacker could inject malicious code into the modem from Android, giving them access to the device user’s call history and SMS as well as the ability to listen to the device user’s conversions. An attacker could also unlock the device’s SIM, overcoming any limitations imposed by service providers.

Qualcomm said that it had already made fixes available to original equipment manufacturers in December, though the current status of the rollout by smartphone makers is unknown. The patch may have been rolled out to recent smartphones but often companies abandon providing support updates for devices after a certain number of years.

Tags:

Leave a Reply

You may have missed

TheCyberThrone Security Week In Review–May 27, 2023

TheCyberThrone Security Week In Review–May 27, 2023

May 28, 2023
Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
Apria Data Breach affects 2 million customers

Apria Data Breach affects 2 million customers

May 27, 2023
CosmicEnergy Malware Shutting Electric grid

CosmicEnergy Malware Shutting Electric grid

May 27, 2023
Operation Magalenha from Brazil

Operation Magalenha from Brazil

May 27, 2023
Buhti Ransomware Dissection

Buhti Ransomware Dissection

May 26, 2023
%d bloggers like this: