Cyber security solutions expert Check Point has found several security vulnerabilities in Qualcomm's Snapdragon chipsets that power a majority of Android devices globally. Apparently the issue lies in the Digital Signal Processor (DSP) chips that are used for audio signal and digital image processing. This flaw lets a hacker snoop into devices as well as deploy unremovable malware which is also capable of evading detection.
These vulnerable chips are on almost every Android phone around the globe from manufacturers like Samsung, Xiaomi, OnePlus, Google and more. Check Point also suggests that this vulnerability allows an attacker to turn the phone into a spying tool, without any user interaction required. Thus allowing hackers to quietly extract information like photos, videos, call-recording, real-time microphone data, GPS and location data, etc.
Hackers also gain the ability to render the mobile phone constantly unresponsive making all the information stored on this phone permanently unavailable which is simply a targeted denial-of-service attack. On top of that, this chipset flaw also allows attackers to use malware and other malicious code to completely hide their activities and become unremovable.
Notably, Qualcomm has patched the six identified security flaws however, the fix isn’t that simple. The only way the security patches can reach devices is through mobile vendors who need to implement and deploy them to their users. Until and unless the security fix reaches your device, you could very well be vulnerable to these attacks.
“We decided to publish this blog to raise awareness to these issues. We have also updated relevant government officials, and relevant mobile vendors we have collaborated with on this research to assist them in making their handsets safer. The full research details were revealed to these stakeholders," Check Point explained in a research report.