A high severity security vulnerability found in Qualcomm’s Mobile Station Modem (MSM) chips (including the latest 5G-capable versions) could enable attackers to access mobile phone users’ text messages, call history, and listen in on their conversations.
Qualcomm MSM is a series of 2G, 3G, 4G, and 5G capable system on chips (SoCs) used in roughly 40% of mobile phones by multiple vendors, including Samsung, Google, LG, OnePlus, and Xiaomi.
“If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones,” according to Check Point researchers who found the vulnerability tracked as CVE-2020-11292.
The security flaw could also enable attackers to unlock the subscriber identification module (SIM) used by mobile devices to store network authentication info and contact information securely.