A new report by Check Point Research reveals that about 40% of smartphones in existence are vulnerable to remote spying attacks. The issues are found in one of the components of Snapdragon chips, which was used more than one billion smartphones today. These vulnerabilities can let hackers spy, execute malware and steal data from targeted phones.

Snapdragon Chips Are Vulnerable to Several Attacks

Qualcomm has been the largest supplier of mobile chips to more than a billion Android OEMs. Their chips are incorporated in more than 90% of US devices and have a share of more than 40% in world smartphones. Well, this makes Apple devices safer.

As per Check Point’s report, the vulnerabilities tracked as CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208, and CVE-2020-11209 can be exploited by attackers to track users. The issue is more specifically vested in one of the components of Snapdragon chips, known as Digital Signals Processor (DSP), which is used for digital image and signal processing like telecommunications between other components.

The hack can start with a malicious file being downloaded from an unknown source, or even downloading a multimedia content received by others. This can trigger any of the above-said vulnerabilities to let the attacker;

  • Plant malware or other malicious code that’s completely hidden and becomes un-removable.
  • Can make the mobile constantly unresponsive, thereby making the content stored in that device unavailable.
  • Can use the mobile as a spy tool. This doesn’t need any user interaction but gives the ability to exfiltrate data like photos, videos, call-recording, real-time microphone data and location data to the hacker.

Patch Available, But Takes Time

Upon reporting to Qualcomm, the maker has made a patch for these vulnerabilities in DSP, but it takes a long time to reach the end-user devices. Since Snapdragon chips are used by over a billion smartphones now, it takes time for all OEMs to push this patch as an update to all users.

LEAVE A REPLY

Please enter your comment!
Please enter your name here