Security studies warn more than a billion Android phones at risk of becoming spy tools for hackers.
The team found 400 vulnerabilities in Qualcomm’s Snapdragon chips, which are staples in smartphones.
The vulnerabilities, collectively known as ‘Achilles’, allow cybercriminals to access photos, videos, location data and other sensitive details on a handheld device.
First discovered by Check Point company, experts say users just need to install an application that appears to be a benign application, but is actually filled with malware that allows hackers to carry out their attack.
Security studies warn more than a billion Android phones at risk of becoming spy tools for hackers. The team found 400 vulnerabilities in Qualcomm’s Snapdragon chips, which are staples in smartphones
Yaniv Balmas, head of cyber research at Check Point, said: ‘You can be tracked. You may lose all of your data. ”
‘If such vulnerabilities are discovered and used by malicious people, it would leave millions of mobile phone users with almost no way to protect themselves for a very long time.’
Check Point shared its findings with Qualcomm and affected smartphone vendors, but did not post the vulnerabilities to the public so as not to provide opportunities for hackers.
Snapdragon-powered products can be found on the flagship phones of Google, Samsung, Xiaomi, LG and OnePlus.
The system products on the Snapdragon chip can be found on the flagship phones from Google, Samsung (pictured), Xiaomi, LG and OnePlus.
However, iPhone users are still safe from Achilles, as Apple provides its own processor.
Qualcomm says it is addressing security flaws; release a new compiler and a new software development kit. But it’s up to phone carriers to distribute patches for each phone model that carries the affected processor.
‘For vendors that means they’ll need to recompile each DSP app they use, test them and fix any problems. [that] Balmas said. ‘Then they need to send these fixes to all devices on the market.’
Snapdragon chips are used in a wide range of smartphones, wearable devices, automotive systems, and other devices.
Electronics developers have long applauded the technology for speed and performance capabilities, power capabilities, 5G support, graphics processing, and embedded fingerprint readability.
However, these digital signal processors (DSPs) have been closely monitored by security experts due to possible flaws as the specifications are often tightly guarded by manufacturers. .
Researchers from Check Point said: ‘Although the DSP chip offers a relatively economical solution that allows mobile phones to provide end users with more functionality and enable innovative features, but they come at a high cost.
‘These chips introduce new attack surfaces and weaknesses for these mobile devices.’
The vulnerability, collectively known as ‘Achilles’, allows cybercriminals to access photos, videos, location data and other sensitive details on a handheld device.
‘DSP chips are much more risky as they are being managed as’ Black boxes’ as it can be very complicated for anyone other than their manufacturer to consider design, functionality or code of them. “
“Our research has broken these limits, and we are able to look very closely at the chip’s internal design and implementation,” says Balmas.
‘Since such research is so rare, it might explain why we found so many pieces of code vulnerable to attacks.’
Qualcomm said it has no evidence of the ‘currently being exploited’ vulnerabilities, but urged customers to ‘update their devices when there are patches available and only install apps from locations. trusted, such as Google Play Store. ‘