CPR revealed the vulnerability in a press release sent to Lifewire, noting that it can be found in Qualcomm’s current MSMs, including its 5G chipsets. These chips are often found in high-end devices like Google, Samsung, Xiaomi, and LG smartphones, and are responsible for all of the device’s cellular communication. Because Qualcomm chips are used in so many smart devices—Qualcomm MSMs could be found in roughly 32% of phones around the world in 2020—the potential reach of this vulnerability is massive. One of the biggest concerns surrounding this security flaw is the access that it can give malicious attackers. If exploited, CPR says the vulnerability could allow users to gain access to the MSM from the operating system, itself. This could allow the attacker to hide much of the access that it has and the activities it is completing. On top of giving access to text messages, the exploit could give a malicious person access to your phone call audio, and even allow them to unlock your device’s SIM. “Cellular modem chips are often considered the crown jewels for cyber attackers, especially the chips manufactured by Qualcomm,” Yaniv Balmas, head of cyber research at Check Point Software Technologies, wrote in the press release. “An attack on Qualcomm modem chips has the potential to negatively affect hundreds of millions of mobile phones across the globe. Despite this, very little is out there on how vulnerable these chips actually are because of the innate difficulty designed around access and inspection.” Balmas also stated that he believes the research that CPR is doing will allow for a huge leap in the inspection of modem code, which hopefully should allow for better user safety in the future. According to the Timeline shared by CPR, the vulnerability originally was discovered and reported to Qualcomm in October. It is currently filed under CVE-2020-11292 on the list of Common Vulnerabilities and Exposures. For now, this form has yet to be updated with any real information about the flaw. CPR said that Qualcomm has fixed the vulnerability, but it is up to individual vendors to distribute it, which could take some time.
