An Estimated 30% of All Smartphones Vulnerable To New Qualcomm Bug (therecord.media) 30
Around a third of all smartphones in the world are believed to be affected by a new vulnerability in a Qualcomm modem component that can grant attackers access to the device's call and SMS history and even audio conversations. From a report: The vulnerability -- tracked as CVE-2020-11292 -- resides in the Qualcomm mobile station modem (MSM), a chip that allows devices to connect to mobile networks. First designed in the early 90s, the chip has been updated across the years to support 2G, 3G, 4G, and 5G cellular communications and has slowly become one of the world's most ubiquitous technologies, especially with smartphone vendors.
Devices that use Qualcomm MSM chips today include high-end smartphone models sold by Google, Samsung, LG, Xiaomi, and OnePlus, just to name a few. But in a report published today by Israeli security firm Check Point, the company said its researchers found a vulnerability in Qualcomm MSM Interface (QMI), the protocol that allows the chip to communicate with the smartphone's operating system. Researchers said that malformed Type-Length-Value (TLV) packets received by the MSM component via the QMI interface could trigger a memory corruption (buffer overflow) that can allow attackers to run their own code.
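A defender's view of the mechanism the summary describes, as an added example that is not from the article or from Check Point's report: a bounds-checked QMI TLV walker in C that rejects a constructed packet whose declared length overruns the buffer, the check whose absence turns a malformed TLV into a buffer overflow. It assumes the standard QMI TLV layout (1-byte type, 2-byte little-endian length, then the value), which the summary does not spell out; the packets are constructed samples, not captured traffic.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* QMI TLV header: 1-byte type, 2-byte little-endian length, then value bytes. */
#define TLV_HDR_LEN 3

/* Walk a QMI TLV payload, checking every declared length against the bytes
 * that actually remain. Returns the number of well-formed TLVs, or -1 at the
 * first TLV whose header is truncated or whose length overruns the buffer. */
static int qmi_tlv_walk(const uint8_t *buf, size_t len,
                        void (*cb)(uint8_t, const uint8_t *, uint16_t)) {
    size_t off = 0;
    int count = 0;
    while (off < len) {
        if (len - off < TLV_HDR_LEN) return -1;                 /* truncated header */
        uint8_t type = buf[off];
        uint16_t tlen = (uint16_t)(buf[off + 1] | (buf[off + 2] << 8));
        off += TLV_HDR_LEN;
        if (tlen > len - off) return -1;                        /* length overruns buffer */
        if (cb) cb(type, buf + off, tlen);
        off += tlen;
        count++;
    }
    return count;
}

/* Copy a TLV value into a fixed-size field only if it fits. Returns 1 on success,
 * 0 when the value would overflow the destination (the unchecked memcpy case). */
static int copy_tlv_value(uint8_t *dst, size_t dst_len, const uint8_t *val, uint16_t vlen) {
    if (vlen > dst_len) return 0;
    memcpy(dst, val, vlen);
    return 1;
}

/* Constructed sample payloads (not captured traffic). */
static const uint8_t GOOD_PKT[] = { 0x01, 0x02, 0x00, 0xAA, 0xBB,   /* type 1, len 2  */
                                    0x10, 0x01, 0x00, 0x01 };       /* type 16, len 1 */
static const uint8_t BAD_PKT[]  = { 0x01, 0xFF, 0x7F, 0xAA, 0xBB }; /* claims 0x7FFF bytes */

int qmi_check_good(void) { return qmi_tlv_walk(GOOD_PKT, sizeof GOOD_PKT, NULL); }
int qmi_check_bad(void)  { return qmi_tlv_walk(BAD_PKT, sizeof BAD_PKT, NULL); }

int main(void) {
    printf("good packet: %d TLVs\n", qmi_check_good());   /* 2  */
    printf("bad packet:  %d\n", qmi_check_bad());         /* -1 */
    return 0;
}
```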
So you need malicious code running on the phone (Score:2)
And that code likely needs root privileges, doesn't it?
Re: (Score:2)
and it might already be patched on phones, at least those getting updates...
Re: (Score:3)
The article says this can be exploited by the cellular base station sending you malformed packets. I guess StingRay [wikipedia.org] and the like will be updated with an option for exploiting this vulnerability.
From the fine article:
Check Point says that exploiting the vulnerability can’t be done by hiding the malformed TLV packets inside third-party apps running on the OS, especially on Android, where the MSM component is protected by SELinux security policies.
However, researchers say that the TLV packet can be hidden inside radio (cellular) communications or multimedia content sent to the device, which, when unpacked, can reach the vulnerable QMI interface.
Re: (Score:3)
> The article says this can be exploited by the cellular base station sending you malformed packets.
Thanks for reporting the essential fact. I suspected this might be true.
The only real solution at this point is to have a phone for pedestrian conversations but then run a hotspot on it and on a non-phone device connect over VPN to the Internet.
Who makes a good holster for two phone-sized devices?
> I guess StingRay and the like will be updated with an option for exploiting this vulnerability.
Damn right
Re: (Score:2)
Arguably, this would not necessarily protect you; it mostly moves the problem and adds an extra layer of complexity.
You're assuming the second phone is not vulnerable, no lateral movement from the intruder, and the VoIP server is secure. The next vulnerability is likely going to be targeting something else.
A simpler solution is to update the phone, or get a newer one if it can't be updated.
Re: (Score:2)
"and on a non-phone device"
Re: (Score:2)
The article says this can be exploited by the cellular base station
Are you saying my carrier could get access to my call and SMS history using that exploit?
Don't they already have all that information anyways?
So basically, this exploit could be usable if someone accessed the cellular base station to insert malicious code, and my device is not patched already.
Re: (Score:3)
So can anyone with a stingray.
Re: So you need malicious code running on the phon (Score:2)
Re: (Score:2)
If anybody can get a stingray device and get my phone to connect to it, then yes, sure, this is serious. Otherwise, do you mean when I am roaming?
I thought cell phones didn't connect to random base stations like that. Maybe I was naive.
Re: So you need malicious code running on the pho (Score:2)
Re: (Score:2)
what if I don't use calls and SMS? I only use the internet and my important stuff is encrypted anyways.
Re: So you need malicious code running on the pho (Score:2)
Re: (Score:2)
Straight from the story:
>During our investigation, we discovered a vulnerability in a modem data service that can be used to control the modem and dynamically patch it from the application processor. This means an attacker could have used this vulnerability to inject malicious code into the modem from Android, giving them access to the device user’s call history and SMS, as well as the ability to listen to the device user’s conversations. A hacker can also exploit the vulnerability to unlock
Re: (Score:2)
Then there's the fact that this is probably already patched on phones supported by the manufacturers anyway, as the vulnerability was disclosed last year and Qualcomm released relevant patches to vendors after that.
It should be patched by now. But the problem is whether or not those vendors released the patch to users. Some vendors are better than others about updating.
Re: (Score:2)
That's why I made a qualifier that you quoted, "on phones supported by the manufacturers".
Re: (Score:2)
You mean "feature"! (Score:2, Interesting)
Signed,
NSA
Re: (Score:2)
You really think the NSA needs this to access call and SMS history? They can just get it straight from the carriers when they need to.
Huawei phones? (Score:2)
How can I find out what chip is in my Mate 30 Pro? I was hoping it had no US chips in it...
Re: Huawei phones? (Score:2)
Ha (Score:2)
Re: (Score:2)
That's all very well but then I suspect you are entirely susceptible to "Mr. Tracker" in that case.
If you're not using phone calls and texts, then you're probably using VoIP and closed source messaging services on a Google or Apple phone that is tracking you 24x7 using wi-fi triangulation that knows exactly where you are at all times to within a distance of 2m - not to mention the additional tracking through apps from Apple, Google, Facebook, etc.
My Android phones and tablets are all de-Googled. Calls, text
I'm sure it's by design (Score:2)
Re: (Score:2)
Samsung is the exception. It has its own Exynos CPU line. Most other manufacturers don't and rely on Qualcomm for their high end. Huawei is another notable exception.
And even Samsung appears to be split about 50% Exynos/Snapdragon (Qualcomm).
Re: I'm sure it's by design (Score:2)