Qualcomm-Powered Phones Are At Risk Against Hacking

Check Point Research, an Israeli security agency, has discovered a bug in Qualcomm's Mobile Station Modem that affects millions of Android phones around the world. According to the company, hackers may use the weakness to read your text messages, phone calls and, in some cases, even open your SIM card.

Hackers may use Qualcomm's Mobile Station Modem (MSM) to monitor phone calls and other activities. MSM has been used in 2G phones since the 1990s, 3G phones since the 2000s, 4G phones since the 2010s, and even the 5G smartphones available to the market today that use a Qualcomm chipset.

Hackers will use the loophole to "inject malicious code into the modem from Android, giving the attacker access to the user's call history and SMS, as well as the ability to listen in on the user's conversations," according to the paper. Attackers will also use this flaw to disable the SIM card and bypass any restrictions imposed by service providers.

According to a representative from Qualcomm, Check Point's attack scenario appears to be futile because it would require first breaching Android protection. That will already provide the intruder with the same kind of text and call information that could be obtained later by hacking into the MSM modem.

If your Qualcomm-powered phone hasn't had a firmware upgrade since November 2020, you can bet it hasn't been fixed against this bug. It may have been fixed if there has been an upgrade since then.

In October 2020, Check Point alerted Qualcomm of the vulnerability and informed the chipmaker that the flaw will be made public in April 2021. Check Point's decision to delay for a few days into May is unclear.

Surprisingly, no Android security bulletin has listed a patch for the flaw so far. There is speculation that Google will discuss the vulnerability fix publicly with its June security patch.