Google and other Android manufacturers try to keep on top of the hardware and software security, at varying degrees of intensity. But a vulnerability in widely-used Qualcomm SoCs disclosed by Check Point Research today was particularly alarming. It could theoretically allow a malicious app to patch the software for Qualcomm’s MSM modem chips, giving it access to call and text history or even the ability to record conversations.
Check Point’s breakdown of the issue is extremely technical. But to put it in layman’s terms, vulnerabilities were found in the connections between the Qualcomm Modem Interface (QMI) software layer of the modem and its debugger service, which would allow an attacker to dynamically patch the modem’s software and bypass the usual security mechanisms. Standard third-party apps don’t have the security privileges needed to access QMI, but if more critical parts of Android were compromised first, this attack could then be carried out.
With the vulnerabilities they found, the researchers determined that a malicious app could listen in to and record an active phone call, get call and SMS records, or even unlock a SIM card. Check Point estimates that the QMI software it discovered as vulnerable is present in approximately 40% of smartphones, from vendors including Samsung, Google, LG, OnePlus, Xiaomi, and more.
While the methods for this attack were described in broad terms, specific necessary information was withheld from the report in order to prevent anyone from easily duplicating the process. As of now, there’s no indication that this method of attack is actually being used “in the wild.”
Qualcomm has been aware of this issue since CPR disclosed it to the company in October of last year, and has confirmed it as a high-rated vulnerability, passing it along to the Android manufacturers that use its modems. At the time of writing the vulnerability has not been fixed, but presumably both Qualcomm and Google are working on incorporating a solution into a future security patch.