40% of Qualcomm-based Android phones face security risk due to chip vulnerability

According to a report by CheckPoint, the vulnerability has been detected in Snapdragon’s digital signal processor (DSP) chips. 
Qualcomm Snapdragon
Qualcomm Snapdragon
Written by:

A new security vulnerability has been discovered in the Qualcomm Snapdragon chip, which could have put over 3 billion or 40% of Android smartphone users globally at risk. According to a report by cyber security solutions provider Check Point, the vulnerability has been detected in Snapdragon’s digital signal processor (DSP) chips.

A digital signal processor takes signals like audio, video, temperature etc. that have been digitised and then mathematically manipulates them. A DSP is designed to perform mathematical functions like add, subtract, multiply and divide quickly.

On testing the DSP chip, Check Point found over 400 pieces of code that could pose a security threat. If this threat is exploited, hackers can convert any smartphone into a spying tool without the user’s intervention. This could allow hackers to gain access to data including photos, videos, GPS and location data as well. 

A denial-of-service or DOS attack could also be launched by hackers which would freeze the phone. Hackers could also push malware into the phone without the user’s knowledge, which could lead to data theft. 

However, the technical details of how these vulnerabilities can be exploited hasn’t been revealed by Check Point yet. 

Qualcomm chips are used in a wide range of phones from brands like Samsung, Xiaomi, Realme and more. 

Check Point said that they have updated relevant government officials, and mobile vendors they have collaborated with on this research, to assist them in making their handsets safer. 

Qualcomm said it has fixed six security flaws that were discovered after being informed by Check Point. 

“Regarding the Qualcomm Compute DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to OEMs. We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store,” Qualcomm told Bleeping Computer in a statement.

The Qualcomm chip vulnerability affects only Android phones, while Apple phones are insulated since the company uses in-house chips. 

“Although Qualcomm has fixed the issue, it’s sadly not the end of the story," Head of Cyber Research at Check Point, Yaniv Balmas, said.

Related Stories

No stories found.
The News Minute
www.thenewsminute.com