A group of researchers from security firm ‘Check Point’ have identified more than 400 flaws in the Snapdragon SoC delivered over the years by Qualcomm. If the American manufacturer is already offering a patch capable of filling these flaws, Google has not yet integrated it into Android. In all, more than a billion smartphones are affected by these vulnerabilities.
One billion. This is the number of Android smartphones potentially affected by the more than 400 vulnerabilities discovered by a team of researchers within Qualcomm’s famous Snapdragon processors. These flaws, which mainly rely on DSP (Digital Signal Processing) chips built into the American manufacturer’s SoC, can be used for a variety of attacks ranging from remote listening to photo and video data theft. , including taking a smartphone out of service (rendered completely inoperative).
There are also various methods of doing this: hackers can exploit these vulnerabilities through malicious applications or through simple files involving a DSP calculation, such as a video uploaded by a targeted user.
READ ALSO : Samsung galaxy Watch 3 & Galaxy Tab S7/S7+
DSP Introduces “A New Surface Of Attack And New Weaknesses” In Security :
“If DSP chips are a relatively economical solution, which allows mobile phones to offer users more functions, while allowing innovative functions, they come at a cost”, explain researchers from the firm Check Point, at the origin of the discovery. “These chips introduce a new attack surface and weaknesses for these mobile devices. DSP chips are much more vulnerable because they are handled like ‘black boxes’. It can be very complex for anyone other than their manufacturer to review their design, functionality or code, ”reads further.
Concretely, SoC (System on a Chip) group together various components on a single chip, such as a processor, a graphics part or even a DSP part. The latter is responsible for many tasks related to video and audio processing, or augmented reality, among others. As Ars Technica specifies, the DSP can also be used by smartphone manufacturers to animate applications involving features specific to their devices. It is this part of the Snapdragon SoC that is mainly singled out by the researchers at Check Point through many vulnerabilities grouped under the name “Achilles”.
Read : Realme X50 5G
Qualcomm Has Done Its Job, Google Is Training To Take Over:
“With respect to the Qualcomm Compute DSP vulnerabilities revealed by Check Point, we have been working diligently to resolve the issue and provide OEM with the appropriate solutions. We have no evidence that these flaws are currently being exploited. We encourage end users to update their devices as patches become available and only install apps from trusted locations such as the Google Play Store, ”Qualcomm said in a statement.
The Californian manufacturer therefore seems to have fulfilled its part of the contract by quickly proposing a fix. However, as of August 8, Google had not yet integrated this patch into Android. Once Google has fulfilled its part of the contract, it will then take a further period for the smartphone manufacturers to each deploy the update in question on their various terminals. A slow three-step roll-out that may hurt end users.
According to the Check Point report, 40% of the world’s Android devices are currently equipped with Snapdragon chips. About 3 billion products are therefore affected by these flaws, including more than a billion smartphones. Almost 90% of Android devices in the US have Snapdragon chips.