Friday, September 18, 09:24
Home security Qualcomm Snapdragon: Vulnerabilities expose 40% of smartphones to hackers

Qualcomm Snapdragon: Vulnerabilities expose 40% of smartphones to hackers

Many vulnerabilities found in Qualcomm's Snapdragon Digital Signal Processor (DSP) chip could allow hackers to take control of nearly 40% of smartphones, spy on their users and create a create un-removable malware which will not be detectable. DSPs are system-on-chip units used for audio signal and digital image processing and telecommunications, in electronic Appliances, including TVs and mobile devices. Despite their complexity and the number of new features, DSP chips can be added to any device, but they also bring new vulnerabilities, thus expanding the surface attack of the devices.

According to her researchers Check Point identified these vulnerabilities, the vulnerable DSP chip can be found in almost every Android device, including state-of-the-art mobile phones from tech giants such as Google, Samsung, LG, Xiaomi, OnePlus and many more. It is worth noting, however, that its line of iPhone smartphones Apple is not affected by the vulnerabilities discovered and examined by Check Point.

Check Point revealed its findings to Qualcomm, which identified them, alerted device suppliers and reported the following vulnerabilities: CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE -2020-11208 and CVE-2020-11209.

Qualcomm Snapdragon vulnerabilities-smartphones

According to Check Point, these vulnerabilities could have the following consequences:

• Allow hackers to turn a cell phone into an espionage tool without the need for user interaction. At the same time, the information that can be stolen from the mobile phone includes photos, videos, call history, microphone data in real time, GPS, location data and more.
These vulnerabilities could also lead to a non-response of the cell phone, making all the information stored on that cell phone permanently inaccessible - including photos, videos, contact information, etc. - in other words, a targeted DoS attack.
• They can also use malware and other malware code which can completely hide their activities.

Qualcomm has fixed the vulnerabilities by releasing security updates. Although Qualcomm has already fixed the six vulnerabilities affecting the Qualcomm Snapdragon DSP chip, mobile vendors need to implement and deliver fixes security to users of their devices, as the threat still exists, as devices are still vulnerable to attacks.

Check Point researchers did not publish technical details behind these vulnerabilities to allow mobile vendors to develop and deliver security updates to users to mitigate any risks. However, they did publish a blog to raise awareness of these security issues for both vendors and users. In addition, researchers have informed relevant government officials and mobile phone suppliers with whom they collaborated in this research. The full details of the investigation were revealed to those interested.

Providing technologies that offer strong security and privacy is a priority for Qualcomm. Regarding the Qualcomm Compute DSP vulnerability revealed by Check Point, the company said it was working to resolve the issue and suggest appropriate mitigation to OEMs. The company also stressed that so far there are no indications that these vulnerabilities have been exploited. Finally, it advises users to update their devices with the available ones updates and install apps only from trusted sites like the Google Play Store.


Please enter your comment!
Please enter your name here

Every accomplishment starts with the decision to try.


Ransomware hit New Jersey University Hospital

A massive data breach occurred at New Jersey University Hospital (UHNJ) as 48.000 items were exposed after a ransomware attack.

Email security training is phishing scam

A new phishing campaign pretends to be a well-known security company, sending its victims email security training.

Mozilla is launching a search for YouTube's suggestion algorithm

YouTube algorithm can lead you to some very strange suggestions, suggesting videos that seem to be to your liking ...

PS5: Sony has announced the price and release date of the console

Ready for PlayStation 5? Now you can pre-order the new console at selected retailers for the price of 500 ...

Biohacking: An exciting prospect, but only for the rich?

A global study finds that many users find biohacking exciting, but remain intimidated by hacking and privacy.

GNOME 3.38: What changes does the next version contain?

Recently, after 6 months of development, the next version of the GNOME environment was released. The new version 3.38 ...

New Pinephone distribution with 13 operating systems released

Today, many users use dual-boot systems, which allow the use of two operating systems at the same time ....

Google Drive: It will delete the trash files

Google is changing the way Google Drive handles files and documents in the Recycle Bin ...

Security and privacy features of iOS 14 and iPadOS 14

Apple has equipped iOS 14 and iPadOS 14 for iPhone and iPad with even greater security, in order to maintain ...

Microsoft for BSOD on ThinkPad: Lenovo's solution is not recommended

Microsoft has finally released a support update that describes in detail how to deal with the BSODs that appear on Lenovo ThinkPad due to ...