When you’re on the search for a new smartphone, it’s likely that you’re focused on price, design, and features first – and doubtless not the silicon inside powering it. However, researchers have found that Qualcomm’s Snapdragon chip, one of the most widely used in Android phones, has many bits of vulnerable code that leave millions of Android users in danger.
To back up a bit, Qualcomm may be a major chip supplier to many well-known tech companies. In 2019, its Snapdragon series of processors might be found on nearly 40% of all Android smartphones, including high-profile flagship phones from Google, Samsung, Xiaomi, LG, and OnePlus. Researchers from Check Point, a cybersecurity firm, found the digital signal processor (DSP) in Qualcomm Snapdragon chips had over 400 pieces of vulnerable code. The vulnerabilities, altogether dubbed “Achilles,” can impact phones in three major ways.
Also Read: Samsung Galaxy Note 20 And Galaxy Note 20 Ultra Launch, Price And Specification
Attackers would only need to convince someone to put in a seemingly benign app that bypasses usual security measures. Once that’s done, an attacker could turn the affected phone into a spying tool. They’d be ready to access a phone’s photos, videos, GPS, and location data. Hackers could potentially also record calls and switch on the phone’s microphones without the owner ever knowing.
Alternatively, an attacker could prefer to render the smartphone completely unusable by locking all the info stored thereon in what researchers described as a “targeted denial-of-service attack.” Lastly, bad actors could also exploit the vulnerabilities to cover malware during a way that might be unknown to the victim, and unremovable.
Part of why numerous vulnerabilities were found is that the DSP may be a kind of “black box.” It’s difficult for anyone aside from the manufacturer of the DSP to review what makes them work. that would be seen as an honest thing because it makes them a tough nut to crack. Conversely, it also means security researchers can’t easily test them, meaning they’re likely ripe for several unknown security flaws. the opposite side of it’s that the DSP enables many of the innovative features we’ve come to expect on smartphones. that has things like quick charging, and various multimedia features like video, HD capture, and advanced AR. It makes the DSP a super-efficient and economical component but potentially opens more pathways for hackers to regulate devices.
Check Point says it’s disclosed its findings to Qualcomm, officials, and therefore the affected vendors. However, the firm said it might not publicly publish the particulars of the Achilles flaw as possibly many devices remain in danger. While Qualcomm has reportedly since fixed the difficulty, that doesn’t mean your Android phone is automatically safe. It’s up to phone makers to push the relevant security patches to their customer base, which could take a while.
In a statement to CNET, Qualcomm says it’s “worked diligently to validate the difficulty and make appropriate mitigations available” to smartphone makers. And while the corporate said it hadn’t found any evidence of the Achilles vulnerability exploited within the wild, it advised Android users to update their phones as patches are made available and only install verified apps from official app stores.
We’ve reached bent Qualcomm and major phone makers for comment and can update once we hear back.