Discovered at the end of last year, a flaw in a component present in Qualcomm’s Snapdragon SoCs could affect up to 40% of mobiles released between 2007 and 2018. It concerns the modem of Android smartphones and could allow access the data.
There are 3 billion users of smartphones on the planet. Among these mobiles, 40% are powered by chips from the American founder Qualcomm. We thus find its SoC Snapdragon very high-end on premium smartphones, such as Pixels from Google, the Samsung from the range Galaxy S and among the star models of the Chinese Xiaomi and OnePlus, for example.
With such a presence, the slightest vulnerability of these chips can affect as many users as possible. And precisely, the “Research” entity of the Israeli cybersecurity company CheckPoint, has just published a article in which it reveals that its researchers discovered, at the end of 2020, a big flaw in the modems of the SoC Snapdragon. Known as mobile station modems (MSM), this type of modem has been around almost since the early days of mobile telephony. It also supports voice communications, SMS, 4G LTE and 5G.
If you have an Android smartphone released between 2007 and 2018, the probability that it is affected by this flaw is high.
However, this modem has always been targeted by hackers because it represents an ideal entry point to access mobile data. With a breach, a simple SMS, or a packet of data exchanged with the device, could make it possible to take control of it. Because it must be added that, with Android, the system can communicate with this MSM chip and all of the phone’s peripherals, such as cameras, sensor imprint digital, etc. If you have an Android smartphone released between 2007 and 2018, the probability that it is affected by this flaw is high.
A discreet and formidable takeover
To communicate, Android uses an MSM chip management interface called QMI and developed by Qualcomm. However, it is she who presents the vulnerability and the researchers discovered that the hackers could very well exploit this flaw to reprogram the modem by injecting it with malicious code. With this subterfuge, the hacker can then access the call history and SMS of the user of the device as well as listen to the conversations of the latter. He can also exploit this vulnerability to unlock the carte SIM and thus bypass the limitations imposed on it by service providers. All in a totally undetectable way.
A priori, this vulnerability has not yet been exploited and CheckPoint alerted Qualcomm who immediately created a patch to close the breach. All the mobile phone suppliers have also been informed and all that remains is to wait for the updates to be deployed and, above all, to apply them. It remains to be seen whether they will offer the patch on the old models. Anyway, on his blog, the security company does not disclose the details of attack techniques to give vendors some time to implement a fix.
This is not the first time that a flaw has affected elements of Qualcomm’s Snapdragon SoC. Last summer Check Point Research had already discovered more than 400 vulnerabilities on the chip Snapdragon DSP (Digital Signal Processor) of Qualcomm, in other words, the chip that processes certain operations on the smartphone in order to lighten the tasks of the CPU related to audio and video streams, and reduce the consumption ofenergy. In any case, it is better to check today if any updates are available from the settings of the smartphone.
What you must remember
- Modems integrated into the Snapdragon SoCs of Android smartphones suffer from a flaw.
- The vulnerability could result in the collection of personal data by a hacker.
- Sometimes you have to wait for the operators to deliver the updates.
Interested in what you just read?