A billion or more Android devices are vulnerable to hacks that can turn them into spying tools by exploiting more than 400 vulnerabilities in Qualcomm Snapdragon digital signal processor (DSP) chip that powers millions of high-end smartphones from Google, Samsung, LG, Xiaomi, OnePlus, and other device manufacturers.
For starters, DSP is a Digital Signal Processor. It is one of the important components to carry out real-time requests between users and the firmware. Those are image, audio and voice processing, neural network calculations, camera streaming, GPS positioning and more.
Recently Google rolled out an update to fix critical security and vulnerability issues on Android devices. However, a report indicates that more than 400 vulnerable pieces of codes were found on the DSP of Qualcomm’s chipset. If left unattended, it says, could turn the smartphones into a spying tool, and make hackers install malware.
More than 400 vulnerable pieces of code were found in the DSP chip, researchers at Check Point tested. An attacker could exploit these to take advantage of a target smartphone in several ways. One possible attack could involve turning the phone into a spying tool and exfiltrate data, including photos, videos, call recording, real-time microphone data, GPS, and location without user interaction.
Alternatively, an attacker could exploit these vulnerabilities to render a target phone constantly unresponsive and ensure photos, videos, contact details, and other information stored on the phone is permanently unavailable. Malware and other malicious code in these attacks can conceal the attackers’ activity and become unremovable.
To successfully launch any of these, an attacker would need to create a malicious application and then convince the user to download it. There’s not much helpful guidance to provide users for protecting themselves against these exploits. Downloading apps only from Play Store can help, but Google’s track record of vetting apps shows that advice has limited efficacy. There’s also no way to effectively identify booby-trapped multimedia content.
Last updated:
0 Comments