Posted on August 8, 2020 at 2:50 PM
Qualcomm Flaw Leaves 40% of Android Phones Exposed
Android smartphones around the world may be in danger due to a recently discovered flaw, which could endanger up to 40% of all phones running this OS. The flaw seems to be tied to Qualcomm Snapdragon chipset, and it was reported by Check Point’s security researchers.
In fact, the chip was discovered to have over 400 vulnerabilities, which puts in danger smartphones from Google, Samsung, Xiaomi, LG, and others who use this chipset.
The assessments are still not precise enough to say with certainty how many users are at risk. Some reports claim that over 900 million phones suffer from the flaw, while others have raised the bar to three billion.
What is known is that the flaws were discovered in Qualcomm’s Digital Signal Processor (DSP) chip.
What does the DSP chip do?
As some may know, a DSP is actually a system on a chip, and it features hardware and software which were created to enable and optimize various areas of use of a device they are integrated into. This can include numerous functionalities, from charging to multimedia experience, and more.
The chip was tested by CheckPoint researchers, and they discovered that these flaws could allow hackers to infect smartphones with spyware — a special branch of malware that can be used for spying on infected devices.
The worst part is that this can happen without the user doing or knowing anything about it. Should the hackers manage to infect a phone, they would be able to access almost all of the stored data. That would include photos and videos, call records, GPS, and even real-time microphone data.
Furthermore, hackers might also have the ability to use the flaws in other ways. For example, they could make them completely unresponsive. If this were to happen, users would find themselves unable to access their own information, while the hackers would keep full access to the phone.
What did Qualcomm say?
CheckPoint researchers contacted Qualcomm after the discovery of the flaws, and the company acknowledged the issues after they were presented to them. Further, the firm reacted quickly, notifying relevant device vendors.
Ever since then, the company has been working on fixing the flaws and make the necessary mitigations. So far, there is no evidence that the vulnerabilities were exploited, and the firm wants to keep it that way.
This is also the reason why CheckPoint did not reveal any technical details regarding the flaws, or possible ways in which they can be exploited. The world is full of hackers, whether individuals or entire groups, which would immediately jump on the opportunity to get access to billions of smartphones if given the chance.
However, CheckPoint did notify the government, as well, but also relevant mobile vendors. The discovery of the flaws led to a massive collaboration between all of these entities in an attempt to secure the phones as soon as possible.
What happens next?
So far, Qualcomm said that it managed to patch around six flaws that CheckPoint has uncovered. In other words, there is still plenty of work to be done in order to adequately secure all of the vulnerable devices. However, even after the fixes have been secured, there is still a matter of rolling them out, which will be the vendors’ responsibility.
Meanwhile, any and all Android users are once again advised to update their devices whenever there is a new patch available. Also, if they wish to install new apps, they should not take any risks, and only install those apps that are offered by trusted app stores, such as Google Play Store.