Security researchers have recently uncovered over 400 vulnerabilities in Qualcomm Snapdragon chips that affect over 1 billion Android devices. Even without the user's permission, attackers could easily install malicious apps on the affected devices by just exploiting these vulnerabilities. When this happens, hackers could extract user data, listen in to the surroundings, track user location and a lot more.
New Attack On Android Devices Uncovered
Details about the recently discovered vulnerability was shared by researchers from Check Point. In a brief report of the vulnerabilities the team discovered, it revealed that although the DSP chips offer an economical solution that enables smartphones to deliver more functionality and innovative features to users, they come at a cost. "These chips introduce new attack surface and weak points to these mobile devices. DSP chips are much more vulnerable to risks as they are being managed as 'Black Boxes' since it can be very complex for anyone other than their manufacturer to review their design, functionality or code," the report explained further.
Qualcomm Snapdragon is in approximately 40% of smartphones all over the world. Check Point claimed that with around 3 billion Android devices, there are around 1 billion devices affected. In the U.S. market alone, there is an estimated 90% of devices housing Qualcomm Snapdragon chips.
The security research firm is currently withholding technical details of the vulnerabilities and how they could be exploited until the concerned companies could release fixes to end-user devices. The vulnerabilities are called Achilles consists of over 400 unique bugs. These bugs are tracked as CVE-2020-11202, CVE-2020-11201, CVE-2020-11207, CVE-2020-11206, CVE-2020-11208, and CVE-2020-11209.
Meanwhile, Wccftech revealed that these vulnerabilities directly affect the digital signal processing function of Qualcomm Snapdragon processors. This particular function is utilized by the device in processing audio, video, augmented reality (AR), and several other multimedia functions. The same function is used in controlling the quick charge features of Android devices.
The report also explained that the Achilles vulnerabilities allow hackers to conceal malicious code from the operating system, making it unremovable. Hackers could also leave Android devices unresponsive. Thus, the device becomes hard to use, difficult to make any changes, and extremely hard to resolve the issue.
Is There A Fix?
Qualcomm earlier released a fix, however, it has not been rolled out any Android device in the form of a software update. Both Google and Qualcomm have not yet shared their plan on when the patches would be available to users. In a statement Qualcomm shared with Ars Technica, it said that there is no evidence that these vulnerabilities are being exploited. The chipmaker, however, advised users only to install apps from trusted sources.
