Flaw in Qualcomm modems enables backdoor for hackers to record your phone calls

According to a new report by security firm Check Point Research, Qualcomm’s Mobile Station Modem (MSM) can be exploited by hackers and used to record phone calls and more. MSM dates back to the early 1990s and used in 2G/3G/4G and even 5G devices and presents a serious vulnerability that can be hacked remotely as easily as sending an SMS message.

From there the wrongdoers gain the ability to listen in on your calls, read through your text messages, and can even unlock your SIM card in order to bypass any limitations imposed by carriers. According to reports nearly 30% of all smartphones use Qualcomm chipsets and are thus potential targets of the exploit. The only thing that users can do at the moment is to keep their devices with the most up to date security patch.

We discovered a vulnerability in a modem data service that can be used to control the modem and dynamically patch it from the application processor. An attacker can use such a vulnerability to inject malicious code into the modem from Android. This gives the attacker access to the user’s call history and SMS, as well as the ability to listen to the user’s conversations. A hacker can exploit the vulnerability to unlock the SIM, thereby overcoming the limitations of the service providers imposed on the mobile device. - Check Point Research

According to an official statement issued to Tom’s Guide, Qualcomm has already provided software fixes for the MSM exploit back in December 2020 and subsequent security patches should have ironed out the problem. Strangely enough, no Android security bulletin has thus mentioned a fix for the bug. There’s talk that Google will publicly address the exploit fix in its June security patch.

Source