Hundreds of bits of vulnerable code have been detected in a chip of Qualcomm, a reputed chip supplier to multiple smartphone manufacturing giants.
Qualcomm’s chips are widely used in Android smartphones, and this vulnerability has now put millions of Android smartphone users at risk.
400 Pieces Of Vulnerable Code “Achilles” Found In Qualcomm Snapdragon Chip
Researchers from Check Point, a cybersecurity firm have discovered that the digital signal processor (DSP) in Qualcomm Snapdragon chips had more than 400 pieces of vulnerable code. These vulnerabilities have been collectively named Achilles and are estimated to affect phones in three major ways.
As of 2019, about 40% of Android smartphone manufacturers, including Google, Samsung, Xiaomi, LG, and OnePlus use the chipset of Qualcomm Snapdragon.
In this vulnerability, attackers would have to convince people to simply install an app that seems benign and bypasses the usual security measures. Once installed, the phone can be used as a spying tool by the attackers. They would also be able to gain access to the users’ photos, videos, GPS, and location data.
Call Recording, Phone Locking: How Does Achilles Harm Your Phone?
As per reports, calls could also be recorded by the attackers, and microphones on the phone could also be turned on without the owner being aware of it.
Additionally, the attacker would also be able to lock all the data stored on the phone and make the phone of no use at all to the user; this has been described as a “targeted denial-of-service attack” by the researchers. Also, bad actors would also be able to exploit the vulnerabilities in the phone and hide malware without the knowledge of the owner and it would also be unremovable.
Qualcomm has responded to this, saying that it has “worked diligently to validate the issue and make appropriate mitigations available” to smartphone manufacturers. The company hasn’t found any evidence of the risk that Achilles poses, but has warned Android users to update their phones regularly and be sure to install apps that are available on verified app stores.
It is also up to the phone manufacturers to offer the necessary security patches to their customers.
Comments are closed, but trackbacks and pingbacks are open.