Check Point security researchers have detected more than 400 code vulnerabilities (security flaws), named “Achilles”, in the digital signal processors (DSPs) of Qualcomm’s Snapdragon chips. An estimated 40% of mobile devices shipped in 2019, from the likes of Samsung, LG, and Xiaomi, run on Qualcomm Snapdragon chipsets, so Achilles exposes hundreds of millions of devices and raises an urgent concern.
This could result in attackers quietly recording calls, stealing data, rendering devices unusable, and installing completely silent yet non-removable malware.
The researchers used fuzz testing and a few other black-box approaches to identify the flaws. The vendors did not have a fix in the first place; it is the chipmaker, Qualcomm itself, that would address the issues. Yaniv Balmas, Head of Research at Check Point Research, said the fix could be difficult or even impossible.
Although Qualcomm provides extended support for Android devices, vendors miss out on that support. Also, a number of vendors have proven slow to deliver updates and cut off support even before Qualcomm does. Even if the security patches get delivered early, ahead of the usual support schedule, millions of phones will clearly miss out on the fixes owing to update policies.
Meanwhile, Qualcomm has acknowledged the flaws and provided appropriate mitigations to partner brands. With no record of a single active exploit yet, users can play their part by installing patches when available and downloading apps from trusted channels such as the Google Play Store.