Android devices are a perennial target for attackers. The cellular protocols handled by Qualcomm's Mobile Station Modem (MSM) have long been probed as one way in; a newly disclosed bug in the MSM gives attackers another route, one that could let them spy on Android devices.
Mobile Station Modem (MSM) is an ongoing series of 2G/3G/4G/5G-capable systems on chips (SoCs) designed by Qualcomm since the early 1990s. The 3GPP protocols the modem speaks over the air are not its only entry point, however: Android can also communicate with the modem processor through the Qualcomm MSM Interface (QMI).
QMI is a proprietary protocol used for communication between software components in the modem and other peripheral subsystems. QMI communication follows a client-server model in which clients and servers exchange messages in the QMI wire format. A module can act as a client of any number of QMI services, and a QMI service can serve any number of clients. In a Qualcomm SoC, which includes the ones in Android smartphones, QMI ports are exposed to the Linux-running application CPU cores inside the chip. Several transport mechanisms exist, but in modern integrated chips the primary one is the Shared Memory Device (SMD).
Many services are exposed through the QMI protocol stack on one or more QMI ports, for example the Wireless Data Service (WDS); the Network Access Service (NAS) and the voice service referred to below are two others.
OEMs can also add their own services to those Qualcomm provides by default. The fact that a large number of QMI services have been written by many different authors makes them a good target for security research. QMI communication is of the request/response type: each service registers itself with the QuRT (the modem's real-time OS) and then waits for requests in a queue. NAS alone, for example, supports more than 130 different messages.
The researchers used American fuzzy lop (AFL) in combination with QEMU to fuzz the QMI handler functions on an Ubuntu PC.
The qmi_voicei_srvcc_call_config_req function begins by parsing the TLV payload itself; it does not use the QMI framework to decode the payload into a C structure, so none of the framework's length checks apply to it.
If the type of a TLV packet is 1, the value is interpreted as follows:
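The QMI framing above (a message header followed by type/length/value records) and the hazard of hand-rolled TLV parsing are easiest to see in code. The block below is an added example written for this page; it is not Check Point's proof of concept nor Qualcomm's handler. It assumes the QMUX header and control-flag byte have already been stripped, so the message header it sees is a 2-byte transaction ID, 2-byte message ID and 2-byte TLV-area length, all little-endian, followed by TLVs of 1-byte type, 2-byte length and value. The type-1 layout (a count byte followed by fixed-size entries), the array capacity `MAX_ENTRIES`, the entry size `ENTRY_LEN`, the message ID 0x0064 and the sample bytes are all hypothetical constructions, not the real srvcc call-config structure. The two checks marked `(hardened)` are the ones a parser that trusts the count byte lacks; without them the `memcpy` writes past a fixed stack array, which is the general shape of a modem-side buffer overflow reachable from Android.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ASSUMED message header after the QMUX/flag bytes: 2-byte tx ID, 2-byte msg ID, 2-byte TLV length. */
#define QMI_MSG_HDR_LEN 6
/* Each TLV: 1-byte type, 2-byte little-endian length, then value bytes. */
#define QMI_TLV_HDR_LEN 3

/* HYPOTHETICAL handler state: a fixed array of call entries living on the handler's stack. */
#define MAX_ENTRIES 4
#define ENTRY_LEN   8
typedef struct {
    uint8_t count;
    uint8_t entries[MAX_ENTRIES][ENTRY_LEN];
} call_config_t;

enum { QMI_OK = 0, QMI_ERR_TRUNCATED = -1, QMI_ERR_BAD_LEN = -2, QMI_ERR_TOO_MANY = -3 };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Strip the message header and require the declared TLV length to match what was received. */
static int qmi_msg_body(const uint8_t *msg, size_t len, uint16_t *msg_id,
                        const uint8_t **body, size_t *body_len)
{
    if (len < QMI_MSG_HDR_LEN) return QMI_ERR_TRUNCATED;
    *msg_id = le16(msg + 2);
    size_t declared = le16(msg + 4);
    if (declared != len - QMI_MSG_HDR_LEN) return QMI_ERR_BAD_LEN;
    *body = msg + QMI_MSG_HDR_LEN;
    *body_len = declared;
    return QMI_OK;
}

/* Walk every TLV, checking each declared length against the bytes really left.
 * Returns the number of TLVs visited, or a negative error. */
static int qmi_tlv_walk(const uint8_t *body, size_t len,
                        int (*cb)(uint8_t, const uint8_t *, uint16_t, void *), void *ctx)
{
    size_t off = 0;
    int n = 0;
    while (off < len) {
        if (len - off < QMI_TLV_HDR_LEN) return QMI_ERR_TRUNCATED;
        uint8_t type = body[off];
        uint16_t vlen = le16(body + off + 1);
        off += QMI_TLV_HDR_LEN;
        if (vlen > len - off) return QMI_ERR_TRUNCATED;   /* value would run past the message */
        int rc = cb(type, body + off, vlen, ctx);
        if (rc < 0) return rc;
        off += vlen;
        n++;
    }
    return n;
}

/* Type-1 handler. A parser that trusts the count byte copies count * ENTRY_LEN bytes into
 * the fixed array; the two (hardened) checks turn that into a clean rejection instead. */
static int handle_type1(uint8_t type, const uint8_t *val, uint16_t vlen, void *ctx)
{
    call_config_t *cfg = ctx;
    if (type != 1) return 0;                            /* unknown TLVs are skipped */
    if (vlen < 1) return QMI_ERR_BAD_LEN;
    uint8_t count = val[0];
    if (count > MAX_ENTRIES) return QMI_ERR_TOO_MANY;   /* (hardened) count bounded by the array */
    if ((size_t)1 + (size_t)count * ENTRY_LEN != vlen)  /* (hardened) count agrees with TLV length */
        return QMI_ERR_BAD_LEN;
    cfg->count = count;
    memcpy(cfg->entries, val + 1, (size_t)count * ENTRY_LEN);
    return 0;
}

/* Parse one request. Shaped as a fuzz target: takes (buf, len), never writes past `out`. */
int parse_call_config(const uint8_t *msg, size_t len, call_config_t *out)
{
    uint16_t msg_id; const uint8_t *body; size_t body_len;
    memset(out, 0, sizeof *out);
    int rc = qmi_msg_body(msg, len, &msg_id, &body, &body_len);
    if (rc < 0) return rc;
    rc = qmi_tlv_walk(body, body_len, handle_type1, out);
    return rc < 0 ? rc : QMI_OK;
}

/* CONSTRUCTED sample requests, not captured traffic. */
static const uint8_t good_req[] = {
    0x01,0x00, 0x64,0x00, 0x14,0x00,      /* tx 1, msg_id 0x0064, 20 bytes of TLVs follow  */
    0x01, 0x11,0x00, 0x02,                /* type 1, length 17: count = 2, then 2 x 8 bytes */
    0xA1,0xA2,0xA3,0xA4,0xA5,0xA6,0xA7,0xA8,
    0xB1,0xB2,0xB3,0xB4,0xB5,0xB6,0xB7,0xB8,
};
static const uint8_t overflow_req[] = {   /* count claims 255 entries (2040 bytes) but sends none */
    0x01,0x00, 0x64,0x00, 0x04,0x00,
    0x01, 0x01,0x00, 0xFF,
};
static const uint8_t truncated_req[] = {  /* TLV claims 48 bytes, only 1 byte of value present */
    0x01,0x00, 0x64,0x00, 0x04,0x00,
    0x01, 0x30,0x00, 0x02,
};

/* Drivers over the samples: 2 for the good request, an error code for the others. */
int demo_good(void)      { call_config_t c; int rc = parse_call_config(good_req, sizeof good_req, &c);
                           return (rc == QMI_OK && c.entries[1][0] == 0xB1) ? c.count : -99; }
int demo_overflow(void)  { call_config_t c; return parse_call_config(overflow_req, sizeof overflow_req, &c); }
int demo_truncated(void) { call_config_t c; return parse_call_config(truncated_req, sizeof truncated_req, &c); }

int main(void)
{
    printf("good=%d overflow=%d truncated=%d\n", demo_good(), demo_overflow(), demo_truncated());
    return 0;
}
```

The point of `parse_call_config` taking a plain `(buf, len)` pair is that the same function is what an AFL harness feeds mutated files into; the `overflow_req` case is exactly the kind of input a fuzzer finds when the count bound is missing, because the copy then reads and writes far beyond the declared TLV.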
Disclosure timeline:
Date | Event
October 8, 2020 | Bug report and PoC sent to Qualcomm.
October 8, 2020 | Qualcomm acknowledges the report and assigns it QPSIIR-1441 for tracking.
October 15, 2020 | Qualcomm confirms the issue and rates it a High severity vulnerability.
February 24, 2021 | Check Point requests a CVE ID for the issue and confirms a disclosure date of April 2021.
February 24, 2021 | Qualcomm informs Check Point that the CVE ID will be CVE-2020-11292.
May 6, 2021 | Public disclosure.
Conclusion
QMI is present in approximately 30% of all mobile phones in the world. For a researcher who wants to build a modem debugger to explore the latest 5G code, the easiest way to do so is to exploit MSM data services through QMI. For an attacker, the same vulnerability allows malicious code to be injected into the modem from Android, which gives access to the user's call history and SMS as well as the ability to listen to the user's conversations. Note that the bug is reached from the application processor side: an attacker first needs a foothold on Android from which to send QMI messages, and because the flaw sits in the modem firmware, the fix reaches devices through Qualcomm's and the OEMs' firmware updates rather than through Android alone.