More than one billion Android devices are subject to hacks and breaches after researchers from Check Point found a flaw in Qualcomm’s Snapdragon chip. Cybercriminals can exploit over 400 vulnerabilities and turn your phone into a spying tool, allowing them to track your location, access the device’s microphone, and go through your photos and videos. Moreover, the attack can affect your device’s functionality and make it completely unresponsive.
Hackers can take advantage of these weaknesses when targets download videos or other content that Snapdragon processes. Furthermore, victims can install malicious apps that don’t require any permissions. Once the attackers infiltrate your device, they can listen to your conversations, determine your whereabouts, and steal your data, among other intrusive things. And the worse thing is that they can hide malicious software from the device’s operating system. As a result, any attempt to disinfect the device through updates and patches would be useless.
Qualcomm’s Snapdragon is a system on a chip. It features a graphics and CPU processor, among other components as well. One of its functions, called digital signal processing (DSP), is responsible for charging abilities, audio, video, AR (augmented reality), and other multimedia functions. Smartphone manufacturers also use DSP to launch tailored apps that allow custom features.
The Check Point researchers said that DSP chips introduce innovative features and offer users more functionality, without costing phone makers outrageous money. However, they did warn that they come with a price. “These chips introduce new attack surface and weak points to these mobile devices. DSP chips are much more vulnerable to risks as they are being managed as ‘Black Boxes’ since it can be very complex for anyone other than their manufacturer to review their design, functionality or code.”
Will Qualcomm Release a Patch?
Check Point only released a brief report of the vulnerabilities, which they named Achilles. It says it won’t disclose technical details and the rest of the findings until fixes make their way into consumers’ devices. The security firm added that while Qualcomm did release patches for the bugs, it still hasn’t integrated them into the Android OS or any Android device that uses Snapdragon. Ars Technica, a technology news website that first reported the story, contacted Google to see when it will add the fixes. A company spokesperson said to check with Qualcomm. However, the latter did not respond to Ars Technica.
The chipmaker released a statement saying that there is no evidence the DSP vulnerability is currently being exploited. It did encourage users to update their devices, though, and only to install apps from reliable sources like Google Play Store.
Check Point said that 40% of mobile phones worldwide feature Snapdragon. And with 3 billion Android devices out there, over one billion can be subject to hacks and data breaches. And while downloading apps for the Play Store can reduce exploitation risks, Google’s past experiences in blocking malicious applications from its platform aren’t very encouraging. In other words, there isn’t an effective way to detect harmful multimedia content.
For the latest online security and privacy tips, guides, and news, visit TheVPN.Guru. The website also offers up-to-date reviews about cybersecurity tools like VPNs.