Security flaws in Qualcomm’s chip put billions of Android users at risk

Over 400 vulnerabilities in Qualcomm’s chip put billions of Android users at risk
Over 40 per cent Android smartphones globally including the ones from Google, Samsung, LG, Xiaomi, among others use Qualcomm chipsets. Security researchers at CheckPoint have discovered over 400 vulnerabilities Qualcomm’s chip.

The report suggests that the vulnerabilities have put three billion Android users globally at risk. The security flaws have been found in Qualcomm’s Digital Signal Processor (DSP) chips.

A DSP is a system on a chip that has hardware and software designed to optimize and enable each area of use on the device itself including charging abilities like quick charge features, multimedia experiences like video, HD Capture, advanced AR abilities, and audio features.

CheckPoint researchers tested the DSP chip and said that these flaws can allow hackers to turn any smartphone into a spying tool without the user’s interaction. Additionally, researchers also said that hackers can get access to user data including photos, videos, call recordings, real-time microphone data, GPS, and location data.

The researchers also stated that the flaws may allow attackers to render the smartphone constantly unresponsive, making all information stored on the device permanently unavailable including photos, videos, contact details, gaming others.

The researchers disclosed these findings with Qualcomm, who acknowledged them, notified the relevant device vendors, and assigned them with the following CVE’s: CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208, and CVE-2020-11209.

CheckPoint hasn’t revealed any of the technical details of how these vulnerabilities can be exploited so hackers don’t take advantage of the situation to attack users. “We have also updated relevant government officials, and relevant mobile vendors we have collaborated with on this research to assist them in making their handsets safer,” CheckPoint said.

The researchers informed Qualcomm and said that the company patched six security flaws discovered by them. According to researchers, Android users must be completely safe only after phone vendors roll out the security fixes to their devices.

In a statement to Bleeping Computer Qualcomm said, “Regarding the Qualcomm Compute DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to OEMs. We have no evidence it is currently being exploited. We encourage end-users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store.”

📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines

For all the latest Technology News, download Indian Express App.