According to a new report by security firm Check Point Research, hackers can exploit Qualcomm’s Mobile Station Modem (MSM) and use it to record phone calls and other activities. MSM, which has been used in 2G/3G/4G and even 5G devices since the early 1990s, is a major vulnerability that can be hacked remotely as easily as sending an SMS message.
From there, the wrongdoers obtain the ability to listen in on your calls, read your text messages, and even unlock your SIM card to circumvent any carrier-imposed restrictions. According to studies, Qualcomm chipsets are used in nearly 30% of all smartphones, making them potential exploit targets. Currently, the only thing users can do is keep their devices updated with the most recent security patch.
“We discovered a vulnerability in a modem data service that can be used to control the modem and dynamically patch it from the application processor. An attacker can use such a vulnerability to inject malicious code into the modem from Android. This gives the attacker access to the user’s call history and SMS and the ability to listen to the user’s conversations. A hacker can exploit the vulnerability to unlock the SIM, thereby overcoming the limitations of the service providers imposed on the mobile device.” Check Point Research
According to a statement given to Tom’s Guide, Qualcomm provided software fixes for the MSM exploit in December 2020, and subsequent security updates should have resolved the problem. Surprisingly, no Android security bulletin has listed a patch for the bug. There is speculation that Google will discuss the vulnerability fix publicly in its June security patch.