Security Expert Re: Qualcomm Vulnerability Affects 40% Of Mobile Phones

Researchers identified a high severity security vulnerability found in Qualcomm’s Mobile Station Modem (MSM) chips, (including the latest 5G-capable versions), that could enable attackers to access mobile phone users’ text messages, call history, and listen in on their conversations.

Experts Comments

May 10, 2021
Shachar Menashe
VP Security
Vdoo

This newest security issue with Qualcomm highlights the importance of thorough security vetting pre and post-deployment. In this case, it seems we are dealing with a privilege escalation vulnerability, which means it lets potential attackers run code on the Qualcomm modem if you already have high privileges on the Android application layer.  Last fall, Vdoo  disclosed a Qualcomm vulnerability of a similar type - issues in QCMAP, which is part of QMI, the subject of the current vulnerability

.....Read More

This newest security issue with Qualcomm highlights the importance of thorough security vetting pre and post-deployment. In this case, it seems we are dealing with a privilege escalation vulnerability, which means it lets potential attackers run code on the Qualcomm modem if you already have high privileges on the Android application layer.  Last fall, Vdoo  disclosed a Qualcomm vulnerability of a similar type - issues in QCMAP, which is part of QMI, the subject of the current vulnerability --  indicating that more vulnerabilities could be found in the QMI interface, and should be thoroughly checked.   Automated analysis can help identify zero-day vulnerabilities and configuration risks, even in closed-source components. Manufacturers need to trust that their third party components are secure, especially when these systems are used in nearly 40% of the mobile phones sold today.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.