Monday, August 10th 2020

Vulnerabilities in Qualcomm Snapdragon's DSP May Render 1 Billion Android Phones Vulnerable to Hacking

Vulnerabilities in Qualcomm's DSP (Digital Signal Processor) present in the company's Snapdragon SoCs may render more than a billion Android phones susceptible to hacking. According to research reported this week by security firm Check Point, they've found more than 400 vulnerabilities in Snapdragon's DSP, which may allow attackers to monitor locations, listen to nearby audio in real time, and exfiltrate locally-stored photos and videos - besides being able to render the phone completely unresponsive.

The vulnerabilities (CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209) can be exploited simply via a video download or any other content that's rendered by the chip that passes through its DSP. Targets can also be attacked by installing malicious apps that require no permissions at all. Qualcomm has already tackled the issue by stating they have worked to validate the issue, and have already issued mitigations to OEMs, which should be made available via software updates in the future. In the meantime, the company has said they have no evidence any of these flaws is being currently exploited, and advise all Snapdragon platform users to only install apps via trusted locations such as the Play Store.
Source: Ars Technica
Add your own comment

29 Comments on Vulnerabilities in Qualcomm Snapdragon's DSP May Render 1 Billion Android Phones Vulnerable to Hacking

#1
AsRock
TPU addict
Surprise, no not really.
Posted on Reply
#2
Rahnak
Big oof. Any list of affected models? Or should we just assume all of them are vulnerable?
Posted on Reply
#3
xman2007
RahnakBig oof. Any list of affected models? Or should we just assume all of them are vulnerable?
Any with the DSP I would assume? I have a Huawei with a Kirin processor so only open to the chinese and google stealing my data :rockout::roll:
Posted on Reply
#4
Frick
Fishfaced Nincompoop
RahnakBig oof. Any list of affected models? Or should we just assume all of them are vulnerable?
Yes.
Posted on Reply
#5
trparky
Raevenlordonly install apps via trusted locations such as the Play Store.
Too bad that bad apps always end up in the Play Store only to have them removed months later after thousands of people have downloaded them all because of Google's lack of a good app approval process.
Posted on Reply
#6
Hemmingstamp
xman2007Any with the DSP I would assume? I have a Huawei with a Kirin processor so only open to the chinese and google stealing my data :rockout::roll:
We've all been vicitim to them in one way or another, either by mobile OS or desktop searching.
trparkyToo bad that bad apps always end up in the Play Store only to have them removed months later after thousands of people have downloaded them all because of Google's lack of a good app approval process.
This is nothing new. FOSS seems more favourable these days.
Posted on Reply
#7
trparky
HemmingstampFOSS seems more favourable these days.
I don't blame FOSS at all, I blame Google. Their app approval process just sucks. And don't tell me that Google can't afford to deploy a better and more thorough approval process because I'd call BS. They can afford to do so; I just don't think they want to.
Posted on Reply
#8
Hemmingstamp
trparkyI don't blame FOSS at all, I blame Google. Their app approval process just sucks. And don't tell me that Google can't afford to deploy a better and more thorough approval process because I'd call BS. They can afford to do so; I just don't think they want to.
Google never listen to customers, from gripes about their email service, to their business services, to their faulty apps.
I gave up on them years ago.
Posted on Reply
#9
$ReaPeR$
I'm not surprised but I didn't expect it to be this bad..
Posted on Reply
#10
bug
$ReaPeR$I'm not surprised but I didn't expect it to be this bad..
Don't worry about it. It's probably way worse, but security researchers can't look at everything all the time.
Now it's a good time to see which vendors actually care to update devices they dropped support for.
Posted on Reply
#11
defaultluser
What about Pixel phones? Don't the non-A models bypass these issues with their own DSP chip?
Posted on Reply
#14
Steevo
"ARM is faster"

So was Intel until they had to patch the unsecured flaws that would allow similar exploits.
Posted on Reply
#16
R-T-B
Qualcomm is the big fish in the phone pond. It's Intel for phone security research. Expect more.
Posted on Reply
#17
SamWarrick
Geee I wonder if any of these vulnerabilities are intentional. They seem to be awfully useful for surveillance.
Posted on Reply
#18
R-T-B
SamWarrickGeee I wonder if any of these vulnerabilities are intentional. They seem to be awfully useful for surveillance.
Data leaks are by nature some of the easiest vulnerabilities to spot. It's not really a huge logic leap to expect them to be found first.

But more to the point, it wouldn't surprise me if the NSA or whatever was already aware of these. What would surprise me is if they were intentionally engineered. It doesn't really work like that.
Posted on Reply
#19
Hemmingstamp
R-T-BWhat would surprise me is if they were intentionally engineered. It doesn't really work like that.
So how does it work? I'm all ears.
Posted on Reply
#20
Wshlist
HemmingstampSo how does it work? I'm all ears.
Me too. Please enlighten us.
Maybe you can forward your reply to Snowden too, I'm sure he'll be interested also.

Also arguing that the data leaks would be noticed first when Quallcom say that the flaw is not in use so far are a bit contradictory don't you think?
And you do know that they have rubber stamp secret court orders locking down release of any crap the US spooks pull right? And that it was already pretty damn bad before Trump..
And that it has been proven and confirmed that big companies are all too glad pulling stuff themselves and working along with government agencies.
Posted on Reply
#21
R-T-B
HemmingstampSo how does it work? I'm all ears.
Intentionally engineered backdoors are very obviously different than ones that are left via bugs. You'd really have to work the field to understand the difference. Keep in mind I do this for a living, and am a security researcher myself. I mainly work on the Intel Management engine, but it's all the same ball of cheese.
WshlistMaybe you can forward your reply to Snowden too, I'm sure he'll be interested also.
Snowden is famous (mainly with people who do not work actual security analysis, mind), but not as technically able as most believe. He just had access to some good docs that were very interesting and don't get me wrong, I think he should be treated as a whistleblower, but that's beside the point. His claims following the initial report have also been somewhat questionable at times.

That, and he doesn't really communicate outside of twitter these days, so no can do.
WshlistAlso arguing that the data leaks would be noticed first when Quallcom say that the flaw is not in use so far are a bit contradictory don't you think?
I'm arguing that researchers can look at these vulnerabilities and tell you based on how they work whether they are manmade or accidental. Stack overflows, as a primitive example, are almost never intentional.
WshlistAnd you do know that they have rubber stamp secret court orders locking down release of any crap the US spooks pull right? And that it was already pretty damn bad before Trump..
I'm well aware, but thanks for educating me.
Posted on Reply
#23
bug
R-T-BIntentionally engineered backdoors are very obviously different than ones that are left via bugs. You'd really have to work the field to understand the difference. Keep in mind I do this for a living, and am a security researcher myself. I mainly work on the Intel Management engine, but it's all the same ball of cheese.
I believe this is like you can tell Covid was not lab engineered: if it was, it would look like Frankenstein's creature of the viruses world. Same with engineered loopholes.
Posted on Reply
#24
Hemmingstamp
R-T-BIntentionally engineered backdoors are very obviously different than ones that are left via bugs. You'd really have to work the field to understand the difference. Keep in mind I do this for a living, and am a security researcher myself. I mainly work on the Intel Management engine, but it's all the same ball of cheese.
Has to be the best brush off I've ever had, but anything is possible to collect data I guess.
Posted on Reply
#25
Steevo
ThrashZoneHi,
Wonder how MS will fix this :)
Who is MS?
Posted on Reply
Add your own comment
Dec 21st, 2024 23:12 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts