Around 400 and more vulnerabilities found on Qualcomm Snapdragon chips leave millions of Android users at risk.
Around 400 and more vulnerabilities found on Qualcomm Snapdragon chips leave millions of Android users at risk.
Our phone contains a vast amount of personal documents. Thus the presence of any security hole, will give access to hackers and take full control of our device and we won't even know about it.
Qualcomm is a major chip supplier to many well-known companies. The Qualcomm’s Snapdragon series is among the most common in Android smartphones. The Qualcomm DSP chips are found in high-end phones from Google, Samsung, LG, Xiaomi, OnePlus and many more.
Researchers at Check Point have discovered 400 security flaws within the Digital Signal Processor (DSP) chips.
The DSP is a system on a chip with hardware and software capabilities such as multimedia features like video and HD capture, audio features and quick charge. Nearly all the smartphones have one of these chips.
The 400 pieces of flawed code have been broken down into six separate security flaws, which are represented by their CVE listings:
- CVE-2020-11201
- CVE-2020-11202
- CVE-2020-11206
- CVE-2020-11207
- CVE-2020-11208
- CVE-2020-11209
These six vulnerabilities are collectively called `Achilles, ’ which can convert the smartphones into a spying tool without the user's interaction.
Hackers can get access to photos, videos, call recordings, microphone, GPS and location data.
Hackers can induce malicious code on these phones and hide their activity in a way that would be unknown to the victim and unremovable.
Hackers can push a denial-of-service attack where they could freeze the phone, and all the data would be permanently accessible.
“We have also updated relevant government officials, and relevant mobile vendors we have collaborated with on this research to assist them in making their handsets safer, ” said Check Point.
The Qualcomm chip fake affects only Android smartphones; iPhones are on the safer side as they use in-house chips.
“Regarding the Qualcomm Compute DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and appropriate mitigations available to OEMs. We have no evidence it is currently being exploited. We encourage end-users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store, ” reported Qualcomm.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?