September 30, 2020

Snapdragon Digital Signal Processor unit has a major vulnerability, threatening a large number of Android devices

2 min read

According to the latest research report released by a Check Point security company, the Snapdragon series processors owned by the well-known chip manufacturer Qualcomm have high-risk security vulnerabilities.

Although Qualcomm is not a direct mobile phone manufacturer, mobile phone manufacturers will use technologies and chipsets provided by Qualcomm to obtain better technologies and functions.

Therefore, the high-risk vulnerabilities in Qualcomm’s Snapdragon series processors affect a large number of brands of devices, including Google, Xiaomi, Samsung, OnePlus, and many other high-end devices.

Research shows that attackers can use vulnerabilities to turn users’ devices into perfect spy tools, steal all information, and even monitor microphones in real-time.

The Digital Signal Processor (DSP) unit built into the Qualcomm Snapdragon series processor is used in more than 40% of the devices on the market, and this chip was found to have high-risk vulnerabilities.

Snapdragon 8cx 5G

These vulnerabilities are extremely harmful and can turn the device into a spy tool, and any information stored locally by the user can be obtained by the attacker without any interaction.

For example, photos, information, video, call records, location data, etc., an attacker can even directly monitor the monitoring stream transmitted by the microphone in real-time without the user discovering it.

The malicious software or other malicious code installed by the attacker can completely hide the activity and cannot be deleted, so conventional antivirus software cannot solve the problem.

At present, the security company has notified Qualcomm of the vulnerability and has been confirmed by Qualcomm, and the details of the related vulnerabilities will not be announced until the vulnerabilities are completely fixed.

Qualcomm issued a security announcement stating that it has confirmed the vulnerabilities reported by the researchers, mainly because the DSP chips may be bypassed by attackers.

The original related programming code will be open to manufacturers for programming and definition, and then can be executed after Qualcomm signs, but the vulnerability can bypass signature verification.

The company said that the current related repair patches have been completed for testing, and will be provided to manufacturers to release new versions of firmware to fix vulnerabilities.

Qualcomm said there is currently no evidence that the vulnerability has been exploited by attackers, but we encourage users to download and install new firmware immediately when there is an update to ensure safety.