Researchers identified a high severity security vulnerability found in Qualcomm’s Mobile Station Modem (MSM) chips, (including the latest 5G-capable versions), that could enable attackers to access mobile phone users’ text messages, call history, and listen in on their conversations.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>This newest security issue with Qualcomm highlights the importance of thorough security vetting pre and post-deployment. In this case, it seems we are dealing with a privilege escalation vulnerability, which means it lets potential attackers run code on the Qualcomm modem if you already have high privileges on the Android application layer. Last fall, Vdoo <a href=\"https://www.vdoo.com/blog/qualcomm-qcmap-vulnerabilities\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https://www.google.com/url?q=https://www.vdoo.com/blog/qualcomm-qcmap-vulnerabilities&source=gmail&ust=1620724982187000&usg=AFQjCNE_DjQDFWRNjOt5i_HmBkRAqdnh1Q\"> disclosed a Qualcomm</a> vulnerability of a similar type – issues in QCMAP, which is part of QMI, the subject of the current vulnerability — indicating that more vulnerabilities could be found in the QMI interface, and should be thoroughly checked. Automated analysis can help identify zero-day vulnerabilities and configuration risks, even in closed-source components. Manufacturers need to trust that their third party components are secure, especially when these systems are used in nearly 40% of the mobile phones sold today.</p>