Published in Mobiles

Snapdragon has a security flaw

by on10 August 2020

40 percent of Android phones vulnerable to Achilles

Researchers have found that Qualcomm's Snapdragon chip, one of the most widely used in Android phones, has hundreds of bits of vulnerable code that leaves millions of Android users at risk.

Researchers from Check Point, a cybersecurity firm, found the digital signal processor (DSP) in Qualcomm Snapdragon chips had over 400 pieces of vulnerable code. The vulnerabilities, altogether dubbed "Achilles", can impact phones in three major ways.

Attackers would only have to convince someone to install a benign app that bypasses usual security measures. Once that's done, an attacker could turn the affected phone into a spying tool.

They'd be able to access a phone's photos, videos, GPS, and location data. Hackers could potentially also record calls and turn on the phone's microphones without the owner ever knowing.

Alternatively, an attacker could choose to render the smartphone completely unusable by locking all the data stored on it in what researchers described as a "targeted denial-of-service attack." Lastly, bad actors could also exploit the vulnerabilities to hide malware in a way that would be unknown to the victim, and unremovable.

Part of why so many vulnerabilities were found is that the DSP is a sort of "black box". It's difficult for anyone other than the manufacturer of the DSP to review what makes them work.

The article notes that Qualcomm has no evidence of the vulnerability being exploited in the wild, adding that the company has "reportedly since fixed the issue".

But they also note that it's still up to individual phone makers to push out the relavant security paches, "which could take some time".


Last modified on 10 August 2020
Rate this item
(2 votes)

Read more about: