Makers of high-end Android devices are responding to the discovery of a Qualcomm chip flaw that researchers say could be exploited to partially backdoor about a third of the world’s smartphones. The vulnerability, discovered by researchers from security firm Check Point Research, resides in Qualcomm’s Mobile Station Modem, a system of chips that provides capabilities for things like voice, SMS, and high-definition recording, mostly on higher-end devices made by Google, Samsung, LG, Xiaomi, and OnePlus. Phone-makers can customize the chips so they do additional things like handle SIM unlock requests. The chips run in 31 percent of the world’s smartphones, according to figures from Counterpoint Research.
The heap overflow the researchers found can be exploited by a malicious app installed on the phone, and from there the app can plant malicious code inside the MSM, Check Point researchers said in a blog post published Thursday. The nearly undetectable code might then be able to tap into some of a phone’s most vital functions.