Min menu


More than a billion Android devices are vulnerable to data theft due to Qualcomm



 This week, researchers reported that a billion or more Android devices are vulnerable to hacks that could turn them into spy tools by exploiting more than 400 vulnerabilities in Qualcomm's Snapdragon chip.

Security vulnerabilities can be exploited when the target - the Android user - downloads a video or other content that the chip displays, and targets can also be attacked by installing malicious apps that don't require permissions at all.

Attackers can monitor websites and listen to the voice of Android users in real time, extract photos and videos, and it is possible for the hacker to make the phone completely unresponsive, and the attack can be hidden from the Android operating system in a way that makes the detection process difficult.

The Snapdragon chip provides a set of components, such as the CPU and graphics processor, and one of the functions, known as digital signal processing, or DSP, addresses a variety of tasks, including charging capabilities, video, audio, augmented reality and other multimedia functions. Android phone makers can also use DSP to run custom apps that provide personalized benefits.

Researchers from Security Company (Check Point) wrote, in a brief report, the weaknesses they discovered, saying: “While DSP chips provide a relatively economical solution that allows Android mobile phones to provide end users with more functionality and enable innovative features, they come At a cost, these chips also present vulnerabilities for these portable devices. DSP chips are more vulnerable, as they are managed as (Black Boxes) due to the fact that it may be very difficult for anyone other than the manufacturer to review their design, functionality or code. ”

Qualcomm released a fix for the flaw, but so far it has not been integrated into the Android OS or any Android device that uses the Snapdragon chip.

Check Point is withholding technical details about security vulnerabilities and how they can be exploited so that fixes make their way to end-user devices. 2020-11201), (CVE-2020-11202), (CVE-2020-11206), (CVE-2020-11207), (CVE-2020-11208) and (CVE-2020-11209).

Qualcomm officials said in a statement: “In relation to the Qualcomm Compute DSP vulnerability disclosed by Check Point, we have worked diligently to validate the issue and make appropriate mitigations available to the OEMs. We have no evidence that this vulnerability is currently being exploited on Android devices. We encourage end-users of Android to update their devices as patches become available, and install applications only from trusted sites such as Google Play Store.

(Check Point) said: The (Snapdragon) chip is included in about 40 percent of phones around the world, with an estimated 3 billion Android devices, and in the US market Snapdragon is included in about 90 percent of devices.