Qualcomm Processor Problem Puts Hundreds of Millions of Android Smartphones At Risk

Qualcomm is the leading manufacturer of mobile processors. The Snapdragon series is used by most Android smartphones.

The operating system is embedded in more than 3 billion products, about a third of which run Qualcomm Snapdragon hardware.

Cybersecurity experts at Check Point Research warn of serious vulnerabilities in Qualcomm processors. It’s annoying because the problem covers devices made by manufacturers such as Samsung, LG, OnePlus, Google and Xiaomi.

Experts found more than 400 vulnerabilities in the Snapdragon signal processor (DSP).

At the end of November, Qualcomm provided software patches. Now we understand that a similar problem exists in Mobile Station Modems (MSM) in Qualcomm processors. This is the so-called System-On-Chip (SoC), which is used in 40% of all smartphones on the market. Tests show that the vulnerability can be used as a means to breach device security.

Hackers’ attention is attracted by Qualcomm MSM Interface (QMI) communication protocol, on which 30% of all smartphones are based. Installing an external program allows malware to be deployed remotely. Check Point Research experts use a technique known as “Fusing” in the MSM data service to install malicious code in the QuRT.

This software is responsible for managing MSM and designed to be inaccessible on Android devices. The QMI voice service could become a means of spreading infected code to QuRT.

Thus, hackers could gain access to SMS messages, call history and even eavesdrop on users’ conversations.

The same flaw could be used to unlock the SIM card, overcoming all the security mechanisms of Google and smartphone manufacturers.

Hundreds of millions of Android devices have been affected, including those with Qualcomm Snapdragon 888 and Snapdragon 870 processors.