Security Expert Re: Qualcomm Vulnerability Affects 40% Of Mobile Phones

Researchers identified a high severity security vulnerability found in Qualcomm’s Mobile Station Modem (MSM) chips, (including the latest 5G-capable versions), that could enable attackers to access mobile phone users’ text messages, call history, and listen in on their conversations.

Subscribe
Notify of
guest

1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Shachar Menashe
Shachar Menashe , VP Security
InfoSec Expert
May 10, 2021 9:41 am

<p>This newest security issue with Qualcomm highlights the importance of thorough security vetting pre and post-deployment. In this case, it seems we are dealing with a privilege escalation vulnerability, which means it lets potential attackers run code on the Qualcomm modem if you already have high privileges on the Android application layer.  Last fall, Vdoo <a href=\"https://www.vdoo.com/blog/qualcomm-qcmap-vulnerabilities\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https://www.google.com/url?q=https://www.vdoo.com/blog/qualcomm-qcmap-vulnerabilities&source=gmail&ust=1620724982187000&usg=AFQjCNE_DjQDFWRNjOt5i_HmBkRAqdnh1Q\"> disclosed a Qualcomm</a> vulnerability of a similar type – issues in QCMAP, which is part of QMI, the subject of the current vulnerability —  indicating that more vulnerabilities could be found in the QMI interface, and should be thoroughly checked.   Automated analysis can help identify zero-day vulnerabilities and configuration risks, even in closed-source components. Manufacturers need to trust that their third party components are secure, especially when these systems are used in nearly 40% of the mobile phones sold today.</p>

Last edited 1 year ago by Shachar Menashe
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x