New Update: Qualcomm Snapdragon bugs leave almost half all smartphones hospitable attack

Security flaws could allow hackers to tack control of devices, spy on users and make un-removable malware

(Image credit: Qualcomm)

New research from Check Point has discovered over 400 vulnerabilities in Qualcomm's Snapdragon Digital Signal Processor (DSP) chip that if exploited, could allow hackers to require control of over 40 percent of all smartphones.

A DSP may be a system on a chip that's used for the audio signal and digital image processing during a number of consumer devices including TVs and smartphones. While DSP chips bring a variety of latest features and capabilities to the devices they're utilized in, they also introduce new weak points and expand a device's attack surface.

Read Also: Qualcomm new ultrasonic fingerprint sensor may accompany a bigger scanning area

The vulnerabilities discovered by Check Point have serious implications as Qualcomm's chips are found in nearly every Android smartphone including flagship phones from Google, Samsung, LG, Xiaomi, OnePlus, and other hardware makers.

We've put together an inventory of the simplest malware removal software
Protect your privacy on mobile with one among the simplest Android VPNs
These are the simplest privacy apps for Android

By exploiting the vulnerabilities in Qualcomm's DSP chip, an attacker can spy on users via their smartphones, render a user's mobile constantly unresponsive and make un-removable malware capable of evading detection.

DSP chip vulnerabilities

Check Point responsibly disclosed its findings to Qualcomm and therefore the chip maker acknowledges the vulnerabilities, notified device vendors and assigned six of the issues with CVE listings.

Qualcomm has already patched the six security flaws affecting its Snapdragon DSP chip but smartphone makers still need to implement and deliver fixes to their users' devices which suggests that a lot of smartphones within the wild are still susceptible to potential attacks.

In a blog post, Check Point provided further insight on how it discovered the vulnerabilities within the company's DSP chips, saying:

“Due to the “Black Box” nature of the DSP chips, it's very challenging for the mobile vendors to repair these issues, as they have to be first addressed by the chip manufacturer. Using our research methodologies and state-of-the-art fuzz testing technologies, we were ready to overcome these issues – gaining us with a rare insight into the internals of the tested DSP chip. This allowed us to effectively review the chip’s security controls and identify its weak points.”

Given the severity of the vulnerabilities in Qualcomm's DSP chips, its recommended that users install any potential patches or fixes as soon as they become available.

A spokesperson from Qualcomm reached out TechRadar Pro and provided the subsequent statement on the matter:

“Providing technologies that support robust security and privacy may be a priority for Qualcomm. Regarding the Qualcomm Computer DSP vulnerability disclosed by Check Point, we worked diligently to validate the difficulty and make appropriate mitigations available to OEMs. we've no evidence it's currently being exploited. We encourage end-users to update their devices as patches become available and to only install applications from trusted locations like the Google Play Store.”




Source URL Techradar