According to the Check Point security research firm, there is a serious security breach on Qualcomm-powered smartphones. This a problem that may affect everyone using a Qualcomm-powered smartphone. As of 2019, this is about 40$ of the smartphone market. The researchers are calling this exploits “Achilles”.
According to the researchers, there are more than 400 lines of code vulnerabilities all in the digital signal processors (DSP) of Qualcomm’s SoCs. The researchers, obviously, are keeping all these flaws as a top-secret. After all, exposing them could allow hackers to make use of these exploits. For now, the company is keeping the details a secret to minimize the risk of someone using these exploits.
“In this research dubbed “Achilles,” we performed an extensive security review of a DSP chip from one of the leading manufacturers: Qualcomm Technologies. Qualcomm provides a wide variety of chips that make up over 40% of the mobile phone market. That includes high-end phones from Google, Samsung, LG, Xiaomi, OnePlus, and more.”
What is DSP?
A DSP (Digital Signal Processor) is a system on a chip that has hardware and software designed to optimize and enable each area of use on the device itself. It includes:
- Charging abilities (such as “quick charge” features)
- Multimedia experiences e.g. video, HD Capture, advanced AR abilities
- Various Audio features
Simply put, a DSP is a complete computer on a single chip – and almost any modern phone includes at least one of these chips.
The report states that a user would be able to record calls, steal data, install malicious software that can’t be installed, and even use the exploit to turner the phone a brick. Worth noting, that Qualquer is aware of these exploits and started updating the drivers and the low-level code to fix these issues. The company should make it available to vendors pretty soon. After that, these venders will be the ones pushing the updates with fixes for the smartphones powered by Qualcomm chips.
Despite the threat, analysts state that it’s highly unlikely that anyone has ever used those exploits. They don’t have any records of anyone already done so. For now, you must check with your phone vendor for a possible update fixing these exploits. Moreover, it’s important to make sure that you’re always downloading apps from trusted sources. If you’re an average user, it’s recommended to always download apps from Google Play Store.