Qualcomm’s Snapdragon Put Millions of Android at Risk
Currently, a large percentage of Android phones use Qualcomm’s Snapdragon processors. These chips are available in all ranges, so it does not matter if your mobile is low or high-end, it may use a Snapdragon as its brain. And why do we tell you this?
Well, because the cybersecurity firm CheckPoint has just found more than 400 vulnerabilities in the Snapdragon chips and your mobile may be one of those that are in danger.
According to the researchers, if these vulnerabilities are exploited, 40% of Android mobiles would see their confidential data compromised. This includes contacts, call log, location, photos, videos, and even access to your mobile’s microphone records in real-time. And all of this can be done without you realizing it.
Thus, practically your mobile would become controlled by hackers.
This is how the vulnerability of the Snapdragon chips that endangers your Android works
Research in this regard indicates that the vulnerabilities of Snapdragon processors originate in one of its components. Specifically, in the so-called DSP (digital signal processor, for its acronym in English) which is responsible for processing videos, audios, augmented reality, and even fast charging technology on the mobile. Hence, most current smartphones with Snapdragon processors have a DSP.
Being involved in so many mobile processes, it is to be expected that cybercriminals will attack the DSP of the processors. But how will they do it?
Although Qualcomm says that so far there is no evidence to show that the DSPs of its chips have been attacked, Yaniv Balmas (a member of the CheckPoint research team) says that exploiting the vulnerabilities of the DSPs is not so difficult if you understand how these work.
The good news is that DSPs are managed as “black boxes” That is, they can only be manipulated by the manufacturer, Qualcomm. So it’s unlikely that anyone completely outside of Qualcomm knows these components well.
Now, if the knowledge of Qualcomm’s DSPs falls into the wrong hands, the only thing the attacker would need to exploit these vulnerabilities is for the victim to install a simple app (which does not require permissions) or to download a video or another. content that the mobile DSP must render.
Is the solution on the way?
CheckPoint has already sent a report of the problem to Qualcomm, Google, Samsung, and other brands whose phones are affected by these vulnerabilities. At the moment, the only one that has commented on the matter is Qualcomm that assured that they already solved the problem.
However, this does not mean that your mobile is already safe. Mobile phones with a Snapdragon processor that is already on the market must be patched by their respective manufacturers.
How? Through an update that fixes the processor security breach. And, as we all know, Android device manufacturers are not diligent with these kinds of updates.
They take a long time to do it or stop updating their phones that have already been on the market for more than two years. So we recommend that you try to update the security patch of your Android mobile as soon as possible and, in the meantime, do not download or install anything that does not come from official sources.
Source | CheckPoint