A recent research conducted by well-known security research firm Check Point has confirmed that certain Android smartphones that were operating on Qualcomm’s Snapdragon, also referred to as digital signal processor or DSP chip, are prone to multiple vulnerabilities. Nearly 400 in number, these vulnerabilities will give hackers quick and easy access to user sensitive data, make removing malware and other malicious codes difficult and also make the mobile phone completely unresponsive. Many of the high-end phones like Samsung, Xiaomi, OnePlus, and Google are said to be running on this particular DSP chip.
Spokesperson from the company have stated that Qualcomm is trying to find out ways to get these issues fixed and has also asked users to update their phones as and when security patches are being introduced. Technical details pertaining to these vulnerabilities have not yet been published by the company, as it wants its vendor partners to work on ways that can help deal with these vulnerabilities. The entire group of these vulnerability have been named as Achilles by Check Point. The company has informed various device vendors of these vulnerabilities and assigned different CVE fixes which include CVE-2020-11207, CVE-2020-11202, CVE-2020-11209, CVE-2020-11201, CVE-2020-11208 and CVE-2020-11206.
The various vulnerabilities that the Qualcomm DSP Chip can expose the phone to converts the phone into a spying device without requiring any intervention or action from the user’s end. These vulnerabilities will allow a hacker to access photos, call details, videos, location and GPS data, as well as real-time microphone data, and various other private data simply by taking advantage of these security flaws.
Apart from getting access to personal data, the vulnerabilities will allow a hacker to make the phone totally unresponsive. As a result, any information stored in the primary storage, will become totally unavailable and inaccessible. The service that is being attacked will give the hackers the power to prevent the phone’s user from accessing any video, photo, contact list, and various other data stored in the phone. These aside, the flaws have the capacity to make any Waldemar or malicious code that may have found its way into the phone unremovable and can also mask their activities.
Being complex in structure and having a design which is not well defined, these Qualcomm digital signal processor chips are said to be managed as what is called ‘Black Boxes’ which makes these chips the ground that gives rise various vulnerabilities. This makes it crucial for the chip manufacturers to take a serious look at this issue on priority. Many phones have already seem to be affected by these. There are approximately 40% mobile phones which have Qualcomm chips embedded in them. This is a big number of devices that are exposed to the risk posed by the Achilles Vulnerabilities. When looking for a fix, it is important to do so carefully, as any slip might aggravate the problem exposing these android phones to more risks and security threats.
The statements issued by Qualcomm does not specify how much time and effort it will take to introduce these security patches that will help solve or fix this issue. It seems it’s going to take a while before vendors can issue a security patch is identified given that Android updates take time to be fed into devices due to the absence of a single channel. But till such time it is not fixed, Android users across the globe need to be cautious and careful. The few thing that one needs to do to be safe for the time being is to avoid visiting potentially unsafe sites and not download files from unknown sources.