The Snapdragon chip vulnerability puts more than 1 billion Android phones at risk of data theft

Tram Ho

More than a billion Android devices are facing hacks with the ability to turn them into espionage tools by exploiting more than 400 vulnerabilities in Qualcomm’s Snapdragon chips.

These vulnerabilities can be exploited when the target downloads a video or other content that requires rendering by the chip. Targets can also be hacked if malicious apps are installed even if they don’t require any permissions.

From there, hackers can monitor the location and listen to sounds around the device in real time, and access photos and videos on the device. The vulnerabilities can also cause the phone to completely fail to respond to the user’s request. It’s worth noting that all signs of infection are hidden from the system, making it difficult to fix.

Snapdragon is a DSP chip, or a digital signal processor. This SoC is essentially a computer on a single chip. Many hardware and software components handle a variety of tasks, including charging, video, audio, AR, and other multimedia functions. Phone manufacturers also use DSP chips to run specialized applications that cater to their proprietary features.

New offensive fronts

While the DSP chips offer a relatively economical solution, allowing mobile phones to provide end users with more functionality and support innovative new features – they still have limitations ” – Researchers from security firm Check Point wrote in a brief report about the vulnerabilities they discovered. ” These chips open up a new attack front, with new vulnerabilities, on mobile devices. DSP chips are much more vulnerable to attack, as they are managed as’ Black box ‘because of its very high complexity that no one but the manufacturer can consider their design, function or code .

Lỗ hổng của chip Snapdragon đặt hơn 1 tỷ điện thoại Android trước nguy cơ bị đánh cắp dữ liệu - Ảnh 1.

The researchers named this vulnerability Achilles

Qualcomm has released a patch for the aforementioned vulnerabilities, but up to now, the patch has not yet been integrated into the Android operating system or any Android device using a Snapdragon chip. When asked when they will include a Qualcomm patch in the operating system, a Google representative said they need to check with Qualcomm first to give a specific response, while Qualcomm has not responded to the email when asked. same sentence.

Check Point is currently holding the technical details regarding the vulnerabilities, and how they can be exploited, until patches are delivered to the end-user device. Check Point calls these vulnerabilities Achilles.

In a press release, Qualcomm executives said: ” Regarding the Qualcomm Compute DSP vulnerability detected by Check Point, we immediately worked to validate the issue and put in place mitigation measures. We do not have any evidence that it is currently being exploited.We encourage end users to update their devices as soon as patches are released, and only install the apps. from reliable sources like the Google Play Store.

Check Point says Snapdragon is present in about 40% of phones worldwide. It is estimated that there are 3 billion Android devices in the world, or more than 1 billion phones are affected. In the US market, Snapdragon chips are used for about 90% of devices.

There are not many useful instructions provided to users to help them protect themselves against these vulnerabilities. Only downloading apps from the Play Store is a solution, but Google used to have a lot of “gags” regarding letting malware-containing apps get around censorship, so the effectiveness of this advice was limited. Come on. In addition, there is no effective method to correctly identify malicious media content.

Reference: ArsTechnica

Share the news now

Source : Genk