Qualcomm has confirmed the bug and fixed the issue and mobile players are notified, according to the researchers.
If exploited, the vulnerability in Qualcomm mobile station modem (MSM) would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones, granting them access to SMS messages and audio of phone conversations, according to Check Point Research.
“During our investigation, we discovered a vulnerability in a modem data service that can be used to control the modem and dynamically patch it from the application processor,” they said in a blog post on Thursday.
According to Counterpoint Research, Qualcomm’s Mobile Station Modem is a system of chips that provides capabilities for things like voice, SMS, and high-definition recording, mostly on higher-end devices.
“This means an attacker could have used this vulnerability to inject malicious code into the modem from Android, giving them access to the device user’s call history and SMS, as well as the ability to listen to the device user’s conversations,” they added.
A hacker can also exploit the vulnerability to unlock the device’s SIM, thereby overcoming the limitations imposed by service providers on it.
Mobile devices should always be updated to the latest version of the OS to protect against the exploitation of vulnerabilities. Only installing apps downloaded from official app stores reduces the probability of downloading and installing a mobile malware,” the researchers advised.
In August 2020, Check Point Research found over 400 vulnerabilities on Qualcomm’s Snapdragon DSP (Digital Signal Processor) chip that threatened the usability of mobile phones.
Vulnerability also could have potentially allowed an attacker to unlock a mobile device’s SIM, according to the cyber security company.