Bug In Qualcomm Modem Chip Could Harm Android Users

Illustration (Image Credit: Alexandre Debiève / Unsplash)

JAKARTA - A vulnerability in a 5G modem data service could allow mobile hackers to target Android users remotely. Security researchers appear to have discovered a security bug in Qualcomm's SoC.

"Vectors involve targets that install malicious applications. Assuming a malicious app runs on the phone, hackers could use this vulnerability to 'hide' malware inside the modem chip, making it invisible in all security measures on the phone at this time", the researchers said as quoted from Threatpost.

Reportedly, this bug has the potential to affect quite a several Android devices around the world. Found by security researchers from Check Point Research, they found a bug named CVE-2020-11292 present in the Qualcomm Mobile Station Modem (MSM) interface, also known as QMI.

MSM is a System on Chip (SoC) developed by Qualcomm, while QMI is a proprietary protocol that allows modem software components and other subsystems to communicate with each other. Since MSM has been in use since the 2G era, the impact of bugs can be very damaging to the device.

Predictably, the bug could affect a total of 30 percent of Android devices worldwide, of course, with the current number of smartphone users, this figure is quite large and can cause serious things.

Coupled with the vulnerability in the 5G modem data service found, hackers can remotely target Android users, then be able to inject malicious code in the phone's modem, and gain the ability to execute the code.

Fortunately, its researchers realized the problem and immediately addressed Qualcomm to make improvements. However, users will get system updates at a slightly late time.

Because, vendors such as Samsung, Xiaomi, OnePlus, and others must apply fixes to their own customers through regular security updates. That is, it can take longer than expected.