‘Achilles’ flaw in Qualcomm chips puts millions of Android phones at risk
More than 400 vulnerabilities were found in Snapdragon chips’ DSP
Most casual smartphone users probably don’t care what processor is featured inside their device. Flashy specs like the display, camera, and battery life are what manufacturers often advertise. Consumers mainly focus on the price. However, the silicon found in your devices is extremely important.
A new vulnerability discovered by security researchers demonstrates why. It affects Qualcomm’s Snapdragon chip -one of the most popular processors found in Android phones.
Dubbed “Achilles,” the flaw puts millions of Android users at risk.
What is Achilles?
Researchers from a cybersecurity firm called Check Point were the first to uncover the Snapdragon vulnerabilities. Achilles affects a portion of the chip called the digital signal processor (DSP).
In Qualcomm’s Snapdragon chips, researchers found more than 400 pieces of vulnerable code hiding in the DSP. That’s a concerning figure.
Altogether, the vulnerabilities can be exploited in three main ways. To do so, attackers would need to convince users to install an app that bypasses usual security measures. For instance, apps that let users alter Android’s functionality typically have such permissions.
From there, it would be possible for hackers to access a phone’s media library, GPS, and location data.
The second form of exploit allows attackers to record phone calls and turn on the device’s microphone without the user knowing. It’s easy to see the potential spying and privacy concerns related to this avenue.
Finally, hackers who want to cause a lot of trouble could simply render a smartphone unusable through a “targeted denial-of-service attack.” This would let them lock all of the data stored on a device and permanently disable it.
The most concerning thing isn’t the potential vulnerabilities. Rather, it is the fact that attackers could hide malware on a device in a way that makes it unremovable and completely hidden. Affected users wouldn’t even know that their phone had been compromised.
How Does Achilles Work?
Today’s smartphones rely on the DSP for many of their cutting-edge features. It enables things like quick charging, HD video capture, and augmented reality (AR) features. That makes it a highly efficient component to include in smartphones.
Unfortunately, it also opens several avenues for hackers to access and compromise a device. Since the DSP plays such an important role in a phone, it is also an Achilles heel-hence the name of the new group of vulnerabilities.
Meanwhile, the DSP is a sort of “black box,” making it difficult for anyone other than a device’s manufacturer to access it. Though that helps make it tougher to compromise, it also makes it harder for security researchers to understand how it works. That paves the way for large quantities of vulnerabilities like the ones recently discovered in Qualcomm’s chips.
What Should Consumers Do?
As of now, Qualcomm claims that the Achilles flaw hasn’t been publicly exploited. That being said, it affects millions of Android devices from manufacturers like Samsung, Google, OnePlus, LG, and more. A 2019 survey found that nearly 40 percent of all Android phones run on a Snapdragon processor.
Qualcomm has reportedly fixed the vulnerability. However, that doesn’t immediately put users out of harm’s way. It can take some time for device manufacturers to roll out the latest security patches.
In the meantime, consumers should be wary of what they download and only do so from official app stores. Android owners should also update their phone regularly as patches become available.
Originally published at https://www.theburnin.com on August 7, 2020.