Qualcomm MSM (CVE-2020-11292) vulnerability affects 40% of Android phones

Check Point researchers have discovered a serious security vulnerability in the Qualcomm Mobile Station Modem (MSM). An attacker who exploits it can read a phone user's text messages and call history and listen in on their calls.

Qualcomm MSM is a family of systems on chip (SoCs) with integrated 2G, 3G, 4G, and 5G cellular modems. Roughly 40% of mobile phones use a Qualcomm MSM, including devices from Samsung, Google, LG, and Xiaomi.

The vulnerability is tracked as CVE-2020-11292. An attacker can use the Android system as the entry point and exploit the flaw to inject malicious, hard-to-detect code into the phone's modem. The same flaw can also be used to unlock the SIM card, which the device relies on to securely store network authentication credentials and contact information.

[Image: Snapdragon 8cx 5G]

To take control of the modem through CVE-2020-11292, the attacker exploits a heap overflow in the Qualcomm MSM Interface (QMI), the protocol the Qualcomm cellular processor uses to exchange messages with the software stack on the application processor. A malicious app can also use the flaw to hide its activity inside the modem, where the Android system and its security tools do not see it.
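As an added illustration of the bug class described above (a constructed example, not Qualcomm's code and not Check Point's published findings): a QMI-style TLV message handler in C, with the unchecked copy that produces a heap overflow next to the bounds-checked version. The TLV layout (1-byte type, 2-byte little-endian length, then the value), the TLV type 0x10, and the 16-byte destination buffer are assumptions made for this example; the sample messages are constructed inline.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed QMI-style TLV layout for this example (not Qualcomm's real
 * structures): 1-byte type, 2-byte little-endian length, then the value. */
#define TLV_HDR_LEN 3
#define TLV_NUMBER  0x10   /* hypothetical TLV type carrying a phone number */
#define NUMBER_CAP  16     /* fixed size of the handler's heap buffer */

enum { PARSE_OK = 0, PARSE_ERR_TRUNCATED = -1,
       PARSE_ERR_TOO_LONG = -2, PARSE_ERR_NOT_FOUND = -3 };

static uint16_t tlv_len(const uint8_t *msg, size_t off) {
    return (uint16_t)(msg[off + 1] | (msg[off + 2] << 8));
}

/* VULNERABLE: the copy length comes straight from the message, so a TLV
 * longer than NUMBER_CAP writes past the 16-byte allocation (heap overflow).
 * Shown for illustration; the demos below exercise only the hardened version. */
char *number_tlv_vulnerable(const uint8_t *msg, size_t msg_len, uint8_t want) {
    size_t off = 0;
    while (off + TLV_HDR_LEN <= msg_len) {
        uint16_t len = tlv_len(msg, off);
        if (msg[off] == want) {
            char *num = calloc(1, NUMBER_CAP);
            if (!num) return NULL;
            memcpy(num, msg + off + TLV_HDR_LEN, len);   /* BUG: len unchecked */
            return num;
        }
        off += TLV_HDR_LEN + len;
    }
    return NULL;
}

/* HARDENED: every length is checked against the bytes left in the message
 * and against the destination capacity before anything is copied. */
int number_tlv_hardened(const uint8_t *msg, size_t msg_len, uint8_t want,
                        char out[NUMBER_CAP]) {
    size_t off = 0;
    while (off + TLV_HDR_LEN <= msg_len) {
        uint16_t len = tlv_len(msg, off);
        if (len > msg_len - off - TLV_HDR_LEN)
            return PARSE_ERR_TRUNCATED;          /* claims bytes that do not exist */
        if (msg[off] == want) {
            if (len >= NUMBER_CAP)
                return PARSE_ERR_TOO_LONG;       /* would overflow out[] */
            memcpy(out, msg + off + TLV_HDR_LEN, len);
            out[len] = '\0';
            return PARSE_OK;
        }
        off += TLV_HDR_LEN + len;
    }
    return PARSE_ERR_NOT_FOUND;
}

/* Append one TLV to a message buffer (used to construct the sample inputs). */
static int put_tlv(uint8_t *buf, size_t cap, size_t *off, uint8_t type,
                   const void *val, uint16_t len) {
    if (*off + TLV_HDR_LEN + len > cap) return -1;
    buf[*off] = type;
    buf[*off + 1] = (uint8_t)(len & 0xff);
    buf[*off + 2] = (uint8_t)(len >> 8);
    memcpy(buf + *off + TLV_HDR_LEN, val, len);
    *off += TLV_HDR_LEN + len;
    return 0;
}

/* Constructed well-formed message: an unrelated 1-byte TLV, then an 11-digit
 * number. Returns 1 if the hardened parser accepts it and extracts the number. */
int demo_benign_ok(void) {
    uint8_t msg[64], flag = 1; size_t n = 0; char out[NUMBER_CAP];
    put_tlv(msg, sizeof msg, &n, 0x01, &flag, 1);
    put_tlv(msg, sizeof msg, &n, TLV_NUMBER, "15551234567", 11);
    return number_tlv_hardened(msg, n, TLV_NUMBER, out) == PARSE_OK
        && strcmp(out, "15551234567") == 0;
}

/* Constructed attack message: a 40-byte number TLV, which the vulnerable
 * handler would memcpy into a 16-byte heap block. */
int demo_oversized(void) {
    uint8_t msg[64], payload[40]; size_t n = 0; char out[NUMBER_CAP];
    memset(payload, 'A', sizeof payload);
    put_tlv(msg, sizeof msg, &n, TLV_NUMBER, payload, sizeof payload);
    return number_tlv_hardened(msg, n, TLV_NUMBER, out);
}

/* Constructed malformed message: the header claims 200 bytes, only 4 follow. */
int demo_truncated(void) {
    uint8_t msg[] = { TLV_NUMBER, 200, 0, 'A', 'B', 'C', 'D' };
    char out[NUMBER_CAP];
    return number_tlv_hardened(msg, sizeof msg, TLV_NUMBER, out);
}

int main(void) {
    printf("benign accepted: %d\n", demo_benign_ok());
    printf("oversized TLV -> %d (expect %d)\n", demo_oversized(), PARSE_ERR_TOO_LONG);
    printf("truncated TLV -> %d (expect %d)\n", demo_truncated(), PARSE_ERR_TRUNCATED);
    return 0;
}
```

The point of the hardened version is that a message parser must validate each TLV's length twice: once against the bytes that actually remain in the message (otherwise it reads out of bounds) and once against the destination buffer (otherwise it writes out of bounds). A handler that runs inside the modem with no memory-safety net is exactly where a single missing check of the second kind becomes a controllable heap overflow.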

Check Point reported the vulnerability to Qualcomm in October 2020. Qualcomm rated it high severity, assigned CVE-2020-11292, notified the affected vendors, and released a security update in December 2020. End users are advised to update their devices as soon as possible. Because the fix reaches handsets only through the manufacturers' own firmware and security updates, a device is protected once its vendor has shipped an update that includes the Qualcomm fix; devices still on older patch levels remain exposed.

Currently, about 19% of Android devices still run Android 9 Pie and 9% run Android 8.1 Oreo, so a large number of users remain at risk.