Check Point security researchers found massive vulnerabilities amounting to 400 in number within the Qualcomm Snapdragon digital signal processor (DSP) chip. If exploited, the security researchers say the flaw could put millions of users at risk around the globe or around 40 percent of smartphone users.
According to Tech Radar, a digital signal processor or DSP is a chip placed within a system that sends audio and digital image signals to smartphones, televisions, and many other devices.
Check Point researchers say that although DSP provides a wealth of benefits and features for smartphone and other device users, it also brings a number of risks. Among its offerings include quick charging abilities, enhanced multimedia platforms, and experiences, such as high definition capture, and other audio features.
The researchers maintain that “These chips introduce new attack surfaces and weak points to these mobile devices. DSP chips are much more vulnerable to risks as they are being managed as ‘Black Boxes’ since it can be very complex for anyone other than their manufacturer to review their design, functionality or code.”
The team has dubbed the vulnerability as Achilles is present in over 40 percent of the mobile phones on the market today, including renowned makers such as Samsung, Google, LG, OnePlus, Xiaomi, and many others. Based on the report released by the Check Point security team, the chip manufacturer is Qualcomm Technologies.
The said vulnerability could reportedly be exploited should users download apps or videos that have malicious content.
Among the vulnerabilities that could impact the millions of Android users around the world include being used as a spying device. Forbes reports that Android smartphone devices can be leveraged as a spy tool without user interaction.
Under the said vulnerability, hackers and attackers alike can exploit user information by copying images, recording phone calls, mining location data, and gaining access to real-time microphone usage, notes Forbes.
Besides this, the Qualcomm Snapdragon bug can also make the device unresponsive, otherwise known as bricking or a denial of service attack. The researchers also say that malware and other malicious actions can result in data theft, with attacker activities remaining undetected and unremoved by the user.
Following Check Point’s discovery of the issue, Tom’s Guide revealed that Qualcomm has already issued a patch for the 400 vulnerabilities. However, the site states the fix has yet to be issued to users on the Android OS system through Google of manufacturer software updates.