Hundreds of Vulnerabilities Found in Vast Majority of Android Smartphones

Yolanda Curtis
August 12, 2020

Apparently the issue lies in the Digital Signal Processor (DSP) chips that are used for audio signal and digital image processing. Sensitive data on your phone, such as bank card information, can be stolen due to this vulnerability.

Qualcomm chips are used in a wide range of phones from brands like Samsung, Xiaomi, Realme and more. CheckPoint tested the DSP chip and discovered over 400 vulnerable pieces of code.

Despite the above risks posed by these vulnerabilities, Check Point hasn't found any exploits in the real world.

More than a billion users of Android devices are at risk of hackers taking over their phones and rendering them unusable - or turning them into spying tools.

"Although Qualcomm has fixed the issue, it's sadly not the end of the story", Head of Cyber Research at Check Point, Yaniv Balmas, said.

According to Check Point, by way of Ars Technica, Google has yet to respond to inquiries regarding when or if the Qualcomm patches may be added to Android devices. The company has notified relevant government officials as well as relevant mobile firms, 'to assist them in making their handsets safer'. This would mean that your phone is pretty much worthless, and it is the sort of attack that is quite common when so many vulnerabilities are exposed. This could allow hackers to gain access to data including photos, videos, Global Positioning System and location data as well.

Additionally, the attacker would also be able to lock all the data stored on the phone and make the phone of no use at all to the user; this has been described as a "targeted denial-of-service attack" by the researchers.

Unfortunately, if anyone were to exploit the Achilles flaws to spy on you, you wouldn't have any way to tell.

Qualcomm has further clarified that it has no evidence regarding the current exploitation of vulnerabilities.

Oh, yeah, and the way Achilles works, you'd never even know your data was being siphoned off. Malware becomes invisible and impossible to remove.

While Qualcomm said there is no reported exploitation of such vulnerabilities, it advised customers to update their devices only with patches available in trusted locations like the Google Play Store. On top of that, this chipset flaw also allows attackers to use malware and other malicious code to completely hide their activities and become unremovable.

In response to the report, Qualcomm vowed to address the vulnerabilities.

As per Check Point's report, the vulnerabilities tracked as CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208, and CVE-2020-11209 can be exploited by attackers to track users.

Other reports by iNewsToday