- The vulnerability has been found in Qualcomm Snapdragon chipset’s Digital Signal Processor (DSP)
- The vulnerability gives hackers access to confidential data on the device, including calls, contacts, location, photos, real-time microphone data
The vulnerability in the Qualcomm Snapdragon chip may have put more than 40 percent of global Android devices at risk. According to a new report, a vulnerability has been found in Snapdragon’s digital signal processor, also known as DSP, which could lead to exploitation. A malicious actor could target the vulnerability to install spyware that would excuse as a benign application on smartphones powered by Qualcomm’s ubiquitous chipset. The Qualcomm Snapdragon has powered smartphones of major companies like Sony, Samsung, Google, LG, Xiaomi, and OnePlus by Qualcomm Snapdragon chipsets.
Security research at Check Point discovered a vulnerability in chips, in addition to mentioning objectives, that could be used to target more than 40 percent of currently active Android devices worldwide. According to Google, as of April last year, there were over 2.5 billion active Android devices. This makes the current situation even more difficult, as it is almost a year after that announcement. According to Check Point, Qualcomm’s Snapdragon vulnerability can open up various streams to hackers and stack Android smartphones at risk of espionage, data theft, and brick-beating.
The report states that the hacker will require a user of these devices to install a small, benign application that will gain access to most of the confidential data on the device, such as phone calls, contacts, photos, location, and real-time microphone data. This set of data can be used to spy on users, possibly ending in a large-scale money extension scam. The data stored on these devices can also be locked without the user’s knowledge, in a manner that is best. And finally, hackers can pasteurize smartphones with services that users are likely to decline and eventually lose access to devices via brick.
Qualcomm has acknowledged the vulnerabilities and also assigned CVE numbers to them. It has informed vendors like Samsung, Google and more about the vulnerability and has started working on the patch. But due to the way Android updates are pushed across devices, due to the lack of a single channel, vendors may eventually take longer to release patches by hackers as to exploit the vulnerability. Yaniv Balmas, head of cyber research at the check point, said, “Although Qualcomm has fixed the issue, it is not sad.” “If such vulnerabilities are found and used by malicious actors, there will be almost millions of mobile phone users to protect themselves over the long term,” he said.
Since the vulnerability is concentrated in the DSP of the chipset, which is managed by Qualcomm as a “black box”, it is difficult for vendors or companies other than Qualcomm to understand the complexity, review the design, and work on fixes It is possible. A botched-up effort can only exacerbate the problem, making DSPs more vulnerable to potential risks.
On the other hand, about a Qualcomm spokesman told Forbes, “is to provide technologies that support strong security and privacy is a priority for Qualcomm. Czech made manifest by Point Qualcomm computer DSP vulnerability, we validate this issue and has worked hard to provide appropriate mitigation. With OEMs. We have no evidence that this is currently being exploited. We encourage end-users to update their devices as patches are available. Go and install applications only from trusted places like the Google Play Store. “
Qualcomm’s statement did not specify how long it would take for the patch to be released, deepening concerns of a major fraction of the world’s total Android device users. For now, the only solution is to avoid visiting potentially risky websites, downloading unknown and strange content, and waiting for it to recover.