Around 400 security flaws have been found in Qualcomm's digital signal processor (DSP) chip that can cause security issues to around millions of Android devices. The research, conducted by popular security research firm Check Pont, suggests that these vulnerabilities can allow hackers to access users' personal information and perform more malicious tasks. Read on to know more about it.
Millions of Android devices can be affected
The research, dubbed Achillies, an unknown Qualcomm DSP chip was tested and around 400 security flaws popped up. The security issues are said to affect Android users in three different ways.
Firstly, hackers can access users' personal details such as photos, videos, call-recording, real-time microphone data, GPS and location data, and more by converting the device into a spying tool. Secondly, hackers can easily 'render the devices unresponsive,' which could make it difficult for users to access their smartphone data. This is also known as a Denial-of-Service (DoS) attack. Lastly, several malicious codes can hide in smartphones, becoming unremovable and causing trouble for users.
It is suggested that Qualcomm DSPs are found high-end phones from Google, Samsung, LG, Xiaomi, OnePlus and more, which make up for around 40% of the total smartphone market. For those who don't know, a Digital Signal Processor (DSP) is an additional System on a chip that allows for hardware and software optimisations and innovative features for smartphones.
Although DSPs provide new features to users, they are prone to several security issues as they are managed by Black Boxes due to their complex nature. This can provide for a 'fertile ground' for security issues to grow and cause issues to millions of users.
Check Point hasn't given out technical details on the same but told Qualcomm of the research and Qualcomm has acknowledged the same. In a statement to Market Watch, Qualcomm said. "Regarding the Qualcomm Compute DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to OEMs. We have no evidence it is currently being exploited. We encourage end-users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store."