Categories: NewsTech

Qualcomm Snapdragon chips’ “Achilles” flaw puts millions of Android phones at risk

Qualcomm’s Snapdragon chip is one of the widely used processors in Android devices today. In 2019 alone, nearly 40% of all Android smartphones from Google, Samsung, Xiaomi, LG and OnePlus run on Snapdragon processors.

But researchers from cybersecurity firm Check Point recently discovered that the digital signal processor (DSP) in Snapdragon chips had over 400 pieces of vulnerable code that leave millions of Android users at risk. The vulnerabilities dubbed “Achilles”, could impact phones in three ways.

So what exactly is the DSP and what does it do? According to a Gizmodo article, the DSP enables many of the modern features we have come to expect in phones from quick charging, HD capture and advanced Augmented Reality (AR). This would, in essence, make the DSP a super-efficient and economical component but it also opens potential pathways for hackers to take control of devices.

Check Point said attackers need only need to trick a user to install an app that bypasses all usual security measures. The first way they can inflict harm is through a spying tool that enables them to access a phone’s photos, videos, GPS and location data. Even scarier, hackers are could potentially record phone calls and turn on the phone’s microphones remotely, all without the user ever realising.

Another way is an attacker could choose to render an infected smartphone unusable by locking all data stored on it via a “targeted denial-of-service attack”. The third way they can get you is by hiding malware in your phone that is unremovable.

But why are there so many vulnerabilities? Researchers said this is because the DSP is like a “black box” that can only be opened and reviewed by the manufacturer. Though this makes it hard to crack but it also means that security researchers cannot easily test them, making them ripe for several unknown security flaws.

Check Point said it has disclosed its findings to Qualcomm and affected vendors. It, however, did not publicly publish the particulars of the Achilles flaw as millions of devices still remain at risk. Even though Qualcomm reported that it has since fixed the issue, that doesn’t that your Android phone is safe. It is still up to individual phone makers to push the relevant security patches to truly resolve this vulnerability and that will inevitably take some time.

Qualcomm told CNET that it has “worked diligently to validate the issue and make appropriate mitigations available” to smartphone makers. So far the company has not found any evidence of the Achilles vulnerability exploited in the wild, it advised Android users to update their phones with the latest patches as they become available as well as to only install verified apps from official app stores.

At the same time, Check Point advises users to protect their data on their phones with mobile security solutions. Its SandBlast Mobile is said to provide real-time threat intelligence and visibility into the threats while providing complete protection against the risks posed by Qualcomm’s vulnerabilities.

[SOURCE]

Related reading

Recent Posts

Nissan Kicks e-Power now open for booking in Malaysia, priced below RM130,000

Edaran Tan Chong Motor (ETCM) has announced that the Nissan Kicks e-Power is now open…

2 hours ago

TikTok, Content Forum and UiTM empowers students with Digital Literacy to promote a safer digital space

TikTok in partnership with Communications and Multimedia Content Forum of Malaysia (CMCF) have recently organised…

4 hours ago

Tesla owners in Malaysia can finally use the Autopark feature

Tesla owners in Malaysia have reported that their vehicles can now perform the Autopark feature.…

4 hours ago

Asus ROG Phone 9 series launching in Malaysia on 10th December 2024

After unveiling its latest smartphones, the Asus ROG Phone 9 series, to the world, Asus…

5 hours ago

WhatsApp Voice Message Transcripts converts voice into text

WhatsApp has introduced a new Voice Message Transcripts feature which allows users to easily convert…

11 hours ago

Every Transaction Could Make You a Monthly Millionaire – Here’s How with Maybank’s MAE

This post is brought to you by Maybank. Unlock more than just transactions with MAE’s…

22 hours ago

This website uses cookies.