From Samsung to Google, Android smartphones are some of the most popular handheld devices around the world. But if you use an Android, a new report may ring some alarm bells for you. Researchers from Check Point have discovered 400 vulnerabilities in Qualcomm’s Snapdragon Digital Signal Processor (DSP) chip - a chip used in over 40% of the world’s phones. This includes devices from Google, Samsung, LG, Xiaomi and OnePlus. These vulnerabilities could allow hackers to spy on your photos, videos, calls and GPS data.
It could also let attackers render your phone unresponsive, or to install dangerous malware on your device. To exploit the vulnerabilities, hackers would simply need to persuade the phone owner to install an app, according to the researchers. Thankfully, Qualcomm has now fixed the issue.
A Qualcomm spokesperson told Mirror Online: "Providing technologies that support robust security and privacy is a priority for Qualcomm. Regarding the Qualcomm Compute DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to OEMs. We have no evidence it is currently being exploited. We encourage end-users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store.”
However, the Check Point researchers say that it’s sadly not the end of the story. Yaniv Balmas, Head of Cyber Research at Check Point, said: “Hundreds of millions of phones are exposed to this security risk. You can be spied on. You can lose all your data. Our research shows the complex ecosystem in the mobile world. With a long supply chain integrated into each and every phone, it is not trivial to find deeply hidden issues in mobile phones, but it’s also not trivial to fix them.
“Luckily this time, we were able to spot these issues. But, we assume it will take months or even years to completely mitigate them. If such vulnerabilities are found and used by malicious actors, there will be tens of millions of mobile phone users with almost no way to protect themselves for a very long time. It is now up to the vendors, such as Google, Samsung and Xiaomi, to integrate those patches into their entire phone lines, both in manufacturing and in the market. Our estimation is that it will take a while for all the vendors to integrate the patches into all their phones.
“Hence, we do not feel publishing the technical details is the responsible thing to do given the high risk of these details falling into the wrong hands. For now, consumers must wait for the relevant vendors to also implement fixes.”