Qualcomm’s Snapdragon chip used in Android smartphones may have put over 3 billion users globally at risk. CheckPoint security researchers have discovered over 400 vulnerabilities in Qualcomm’s Digital Signal Processor (DSP) chips.
Qualcomm chips are used in over 40% of the smartphone market and are found in phones from different price categories. These also include premium phones from brands like Google, Samsung, LG, Xiaomi and more. CheckPoint tested the DSP chip and discovered over 400 vulnerable pieces of code. If exploited it can allow hackers to turn any smartphone into a spying tool without the user’s interaction. Hackers can get access to data including photos, videos, call recordings, real-time microphone data, GPS and location data as well.
Hackers can also push a denial-of-service attack which would freeze the phone. This way all the data on the phone will be permanently available. Another potentially dangerous thing is that hackers can inject malware and malicious code on these phones that will not only hide their activities but even make them unremovable.
CheckPoint hasn’t revealed the technical details of how these vulnerabilities can be exploited.
“We have also updated relevant government officials, and relevant mobile vendors we have collaborated with on this research to assist them in making their handsets safer,” CheckPoint said.
CheckPoint did inform Qualcomm and the company has patched six security flaws discovered. But for Android phone users to be completely safe, mobile phone vendors will have to roll out the security fixes to their smartphones.
“Regarding the Qualcomm Compute DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to OEMs. We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store,” Qualcomm said in a statement to Bleeping Computer.
The Qualcomm chip security loopholes affect only Android smartphones. iPhones are safe since Apple uses in-house chips. Other than Qualcomm, MediaTek chipsets are mostly used on Android phones and in-house chipsets such as Samsung’s Exynos and Huawei’s Kirin.