Android Telephones running on a specific Qualcomm digital signal processor (DSP) chip are reported to Possess as many as 400 vulnerabilities.
Security research firm Check Point in its research discovered these vulnerabilities make it possible for hackers to access sensitive data, render the mobile phone continuously unresponsive, and permit malware and other malicious code to completely conceal their actions and become un-removable. Check Point says that Qualcomm DSP chips are observed in high-end phones from Google, Samsung, LG, Xiaomi, OnePlus and more.
Check Point, on its own blog, notes which Qualcomm was advised of these vulnerabilities earlier on. The research firm claims that the processor manufacturer has confessed them and even notified the appropriate device vendors concerning the vulnerabilities. It delegated several CVE fixes to device vendors including CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209. Check Point is dubbing this vulnerability group as Achilles.
In a statement to Market Watch, Yaniv Balmas, mind of cyber study at Check Point, commented”Although Qualcomm has fixed the issue, it is sadly not the end of the story. Hundreds of millions of mobiles are exposed to this safety threat. You can lose all your information.”
A Qualcomm spokesperson told the publication,”Regarding the Qualcomm Compute DSP vulnerability revealed by Check Point, we worked tirelessly to validate the issue and make proper mitigations available to OEMs. We’ve got no evidence it is now being exploited. We encourage users to update their apparatus as spots become available and to only install applications from trusted locations such as the Google Play Store.”
Check Point has not printed full technical details of these Achilles vulnerabilities since it wants mobile vendors to work on potential solutions to mitigate the probable dangers these vulnerabilities cause. Even the 400 vulnerabilities found within the Qualcomm DSP chip may allow attackers to turn the telephone into a perfect spying tool, with no user interaction needed. Hackers can gain access to photographs, videos, call-recording, real-time microphone information, GPS and location data, plus much more by exploiting these vulnerabilities.
What’s more, attackers might also be able to render the mobile phone constantly unresponsive making all of the info stored on this telephone indefinitely inaccessible. This targeted denial-of-service attack may enable hackers to block the user from accessing photos, videos, contact details, and more. Lastly, these vulnerabilities enable malware and other malicious code to completely hide their activities and become un-removable.
Check Point states DSP chips are’breeding grounds’ for vulnerabilities as they are being managed as”Black Boxes” because of the intricate nature of these chips and their undefined architecture. Because of this reason, cellular vendors must rely on chip manufacturers to cover the matter first. These vulnerabilities are reported to have influenced a slew mobile phones. While the exact amount isn’t known, Qualcomm chips are inserted into nearly 40 percent of cellular phones on the market, a 2019 Strategy Analytics report claims – leaving countless apparatus potentially at risk into the Achilles vulnerabilities.