Highlights:

  • Digital signal processor or the DSP in Qualcomm’s Snapdragon chips is discovered with over 400 pieces of vulnerable code.
  • Due to this flaw, threat actors can exploit Android phones to monitor location or make the phone unresponsive.

Researchers from Check Point, a cybersecurity firm, revealed that millions of Android devices are susceptible to activities that can transform them into spying tools. Threat actors can carry this out by manipulating over 400 vulnerabilities in Qualcomm’s Snapdragon digital signal processor chip.

The Snapdragon processor is extensively used in products from Google, Xiaomi, One Plus, and Samsung.

Impact of the security flaw

The vulnerabilities dubbed “Achilles” can impact mobile phones in three ways.

What exactly does the DSP or digital signal processor do?

As per a Gizmodo article, the DSP facilitates several modern and advanced features in smartphones, right from advanced augmented reality, quick charging, to HD capture.

The role of DSP in enhancing the features mentioned above makes it a super-efficient and budget-friendly component. The vulnerability flaw still makes it highly susceptible and paves the way for cybercriminals to take control of devices.

How is it done?

As explained by Check Point researchers, to take total control of the device, all that hackers need to do is trick users into installing an app that is functioned to trespass standard security measures.

Impact #1

The first move of hackers to inflict harm is via a spying tool that allows them access to photos, videos, GPS, and location data of the mobile phone device. The trick plays scarier when hackers can potentially record phone calls and turn on microphones remotely, even without the user ever realizing it.

Impact #2

An alternate way the hacker can mess with the Android device is by making an infected phone unusable by locking all data stored on it through a “targeted denial-of-service attack.”

Impact #3

The third way these attackers can manipulate is by hiding malware on the phone that is unremovable.

The reason behind a high number of vulnerabilities?

Researches explain that DSP is like a black box, and the reason behind these vulnerabilities can only be explored and reviewed in detail by the manufacturer. Even though this makes it difficult to crack, at the same time, it means that the security researchers cannot test them easily, rendering them ready for unknown security flaws.