As much as we increasingly rely on smartphones throughout the day, there is no escaping security threats. We can mitigate them, but it’s tough to avoid them altogether. Particularly upsetting is the news from Check Point that nearly every Android phone has over 400 vulnerabilities because of the embedded Qualcomm DSP chips that provide most of the functionality.
What Are DSP Chips?
Many smartphones rely on third-party Digital Signal Processor (DSP) chips, which is basically a system on a chip. The system abilities include charging capabilities, such as “quick charge,” multimedia, audio features, image processing, and voice data.
Third-party vendors can also include their own functionality on the existing framework of these chips.
DSP chips can be attractive to phone manufacturers since they include everything needed to run a phone on just one chip. And because the chips are manufactured by third parties, they are seen as “black boxes,” as they make it hard for anyone other than the manufacturer to review the design of the chip.
Achilles Research of Qualcomm Chips
One of the leading manufacturers of DSL chips is Qualcomm Technologies. The company offers a variety of chips that are embedded into devices. Qualcomm DSL chips are used in over 40 percent of mobile phones, including those manufactured by Google, Samsung, LG, Xiaomi, OnePlus, and more.
Check Point Research completed a paper titled “Achilles” and shared it at Def Con 2020, outlining over 400 security vulnerabilities that are found in Qualcomm DSP chips.
Of the 400 Android vulnerabilities, Check Point is highlighting three of the most disturbing ways they can affect the user. One is that Android phones that include the chip can spy on the user without any user interaction. Information that is leaked from the phone includes phones, videos, call records, microphone data, and GPS and location data.
If a phone includes one of these chips, attackers can also render the phone unresponsive. The vulnerabilities can be leveraged to make all the information stored on the phone permanently unavailable. This includes photos, videos, contacts, etc.
Phones can also conceal malicious activity. Malware, as well as other malicious code, can hide the activities of a hacker and can be unremovable.
The fact that nearly every Android phone can spy on you, become inoperable, and conceal the activities of a hacker is a troubling situation for sure.
Check Point Research is now publishing the full technical details of the 400 Android vulnerabilities found in Qualcomm DSL chips until mobile phone vendors have a solution to solve these risks. Yet, they are spreading the information that the risks exist to raise awareness. It will be up to Qualcomm, as well as Android manufacturers, now to rectify this situation.