A new study has found a dangerous flaw in the Qualcomm chip that could expose 30 percent of mobile phone users to a serious cyberattack. Yes, the pre-eminent semiconductor chip could leave at least 30 percent of the mobile phones used in the world prone to a cyberattack.
The study has discovered a flaw in the Qualcomm chips used in mobile phones. Nefarious and malicious sources can easily use the vulnerability to incur data and privacy theft on the affected devices. The flaw is so dangerous that it can even allow the attacker to listen to the private conversation over the phone and read text messages and view images.
The study was conducted on Qualcomm chips by the security firm known as Check Point Research, which discovered and disclosed a vulnerability present in the Qualcomm mobile chips extensively used worldwide. The number of users using the vulnerability-prone Qualcomm chips is staggering; it amounts to nearly thirty percent of the entire mobile user base. The extensive reach could be attributed to the fact that the chip manufacturer has ties with the world’s well known Android phone manufacturers such as Google, Samsung, LG, Xiaomi, etc.; the phones with the Qualcomm chips can be seen all over the world, and it provides access to millions of users, if not billions of users.
The researchers have concluded that phone chips prone to vulnerability can be found in at least 40 percent of the global population using the phone daily. However, only about 30 percent of the chips possess the technology QMI (also called proprietary interface). QMI is an acronym used for the proprietary interface, and the full form is “Qualcomm MSM Interface.” The MSM is, in turn, an acronym of Mobile Station Modem. QMI is an essential requirement for the attacks to manifest themselves.
The hardware, which gets affected in those attacks and poses risks of vulnerability to the mobile phones is MSM. The MSM (Mobile Station Modem) is also referred to as “system-on-a-chip,” and is an essential component for providing capabilities to a vast number of internal components of mobile phones. According to the theory stated by Check Point Research, the attacks would need to have access to the Operating System before proceeding to compromise the device. However, it is just a commencing step to gain entrance into the device and could be achieved with any proxy applications and phishing sources. It is important to realize that there are many ways to gain surreptitious entry, so the phone would need to have an activated antivirus to detect the presence of a threat.
Now, once the cyber attacker gains access to the internal part of the device, he could begin to install some programs inside the modem, commanding it to unveil sensitive and confidential information. The researchers have suggested that a cyberattack of this magnitude could easily gain control of the phone’s QMI, and it can then dig out confidential information through MSM. We must also remember the fact that QMI also acts as an essential protocol to facilitate communication and information sharing between various components working through MSM. And, if an attacker somehow gains control of your QMI, it would virtually mean that it is game over for your phone. The attacker could sneak into phone calls, read text messages, and get call history data almost at will. The researchers have also theorized that if the attacker tries hard then, he can gain control of your sim card as well. The attacker would have the details of the contacts and could also make calls on your behalf, maligning your reputation altogether.
Yaniv Balmas, who is the head of the research group working at Check Point Research, has revealed that the attackers do often focus on chips mainly because they often prove to be a vulnerable part of an individual’s phone. He also made it clear that flaws in Qualcomm chips could affect many millions of users all across the globe. He also shared that through their research, they have proven the fact that such a flaw is, in fact, present in the Qualcomm chips, and the attackers could easily gain control of QMI after the entry through OS. And, all of this can happen without the proper knowledge of the users.
However, all is not lost, as he has advised all the users to keep their phone updates to all security updates and be vigilant of the world around them.
The Check Point Research has issued a statement in which the institute alludes to the fact that Qualcomm is well aware of the matter, and it has already developed a fix and has supplied it to all the vendors. However, the institute cannot yet ascertain whether the vendors have successfully activated the fix or not.
A flaw has been discovered by Check Point Research in the QMI part of the Qualcomm chips. Learn what you should do to protect your privacy and information.
Katherine Wood is an avid technical blogger, a magazine contributor, a publisher of guides at norton.com/setup and a professional cyber security analyst. Through her writing, she aims to educate people about the dangers and threats lurking in the digital world.