- Original Issue Date: May 13, 2021
- Severity Rating: HIGH
Software Affected
- Might impact up to 30 percent of all Android devices
Overview
- A vulnerability has been reported in the Qualcomm Mobile Station Modem (MSM) Interface, which could be exploited by an attacker to gain access to the user’s call history and SMS.
Description
- This vulnerability exists in Qualcomm MSM Interface (QMI) due to a heap overwrite issue. An attacker could exploit this vulnerability to inject malicious code into the modem from Android, giving them access to the device users call history and SMS, as well as the ability to listen to the device users conversations.
- A hacker can also exploit the vulnerability to unlock the devices SIM, thereby overcoming the limitations imposed by service providers on it.
Solution
- Apply appropriate security updates as made available by the respective device vendors.
References
https://threatpost.com/qualcomm-chip-bug-android-eavesdropping/165934/
Checkpoint
https://research.checkpoint.com/2021/security-probe-of-qualcomm-msm/
Disclaimer
- The information provided herein is on “as is” basis, without warranty of any kind.