viralamo

Menu
  • Technology
  • Science
  • Money
  • Culturs
  • Trending
  • Video

Subscribe To Our Website To Receive The Last Stories

Join Us Now For Free
Home
Technology
Snapdragon chip flaws put >1 billion Android phones at risk of data theft
Technology

Snapdragon chip flaws put >1 billion Android phones at risk of data theft

08/08/2020

Stylized promotional image of a Qualcomm computer chip.

A billion or more Android devices are vulnerable to hacks that can turn them into spying tools by exploiting more than 400 vulnerabilities in Qualcomm’s Snapdragon chip, researchers reported this week.

The vulnerabilities can be exploited when a target downloads a video or other content that’s rendered by the chip. Targets can also be attacked by installing malicious apps that require no permissions at all.

From there, attackers can monitor locations and listen to nearby audio in real time and exfiltrate photos and videos. Exploits also make it possible to render the phone completely unresponsive. Infections can be hidden from the operating system in a way that makes disinfecting difficult.

Snapdragon is what’s known as a system on a chip that provides a host of components, such as a CPU and a graphics processor. One of the functions, known as digital signal processing, or DSP, tackles a variety of tasks, including charging abilities and video, audio, augmented reality, and other multimedia functions. Phone makers can also use DSPs to run dedicated apps that enable custom features.

New attack surface

“While DSP chips provide a relatively economical solution that allows mobile phones to provide end users with more functionality and enable innovative features—they do come with a cost,” researchers from security firm Check Point wrote in a brief report of the vulnerabilities they discovered. “These chips introduce new attack surface and weak points to these mobile devices. DSP chips are much more vulnerable to risks as they are being managed as ‘Black Boxes’ since it can be very complex for anyone other than their manufacturer to review their design, functionality or code.”

Qualcomm has released a fix for the flaws, but so far it hasn’t been incorporated into the Android OS or any Android device that uses Snapdragon, Check Point said. When I asked when Google might add the Qualcomm patches, a company spokesman said to check with Qualcomm. The chipmaker didn’t respond to an email asking.

Check Point is withholding technical details about the vulnerabilities and how they can be exploited until fixes make their way into end-user devices. Check Point has dubbed the vulnerabilities Achilles.

In a statement, Qualcomm officials said: “Regarding the Qualcomm Compute DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to OEMs. We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store.”

Check Point said that Snapdragon is included in about 40 percent of phones worldwide. With an estimated 3 billion Android devices, that amounts to more than a billion phones. In the US market, Snapdragons are embedded in around 90 percent of devices.

There’s not much helpful guidance to provide users for protecting themselves against these exploits. Downloading apps only from Play can help, but Google’s track record of vetting apps shows that advice has limited efficacy. There’s also no way to effectively identify boobytrapped multimedia content.

Source link

Share
Tweet
Pinterest
Linkedin
Stumble
Google+
Email
Prev Article
Next Article

Related Articles

You can score a lifetime of cloud backup for under $50 right now
The next time one of your devices fails, make sure …

You can score a lifetime of cloud backup for under $50 right now

Fast & Furious: Crossroads lives video games a quarter-mile at a time
TechCrunch ist Teil von Verizon Media. Klicken Sie auf ‘Ich …

India’s FarEye raises $25M to grow its logistics SaaS startup in international markets

Leave a Reply Cancel reply

Find us on Facebook

Related Posts

  • Fast & Furious: Crossroads lives video games a quarter-mile at a time
    The $99 Mendel Air Sensor uses data …
    18/04/2020
  • Twitch Prime’s Crown Channel mixes gaming, pop culture, and fan interaction
    Twitch Prime’s Crown Channel mixes gaming, pop …
    24/06/2020
  • Google paints its ambient computing vision for Flutter
    Google and Canonical bring Flutter apps to …
    09/07/2020
  • 2020 will be a big year for online childcare — here are 7 startups to watch
    Shipfix raises $4.5M seed for its dry …
    31/12/2019
  • Bankrupt OneWeb gets FCC approval for another 1,280 broadband satellites
    OneWeb exits bankruptcy and is ready to …
    23/11/2020

Popular Posts

  • SolarWinds hack that breached gov networks poses a “grave risk” to the nation
    Code-execution flaw in VMware has a severity …
    25/02/2021 0
  • Top 10 Unsettling Facts About The Death …
    28/01/2021 0
  • Top 10 Books That Will Change Your …
    28/01/2021 0
  • 10 Notable People Who Foresaw Their Own …
    29/01/2021 0
  • Top 10 Things You Probably Never Knew …
    29/01/2021 0

viralamo

Pages

  • Contact Us
  • Privacy Policy
Copyright © 2021 viralamo
Theme by MyThemeShop.com

Ad Blocker Detected

Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by disabling your ad blocker.

Refresh