Monday, August 10th 2020

Vulnerabilities in Qualcomm Snapdragon's DSP May Render 1 Billion Android Phones Vulnerable to Hacking

by
Raevenlord
 Discuss (29 Comments)
Vulnerabilities in Qualcomm's DSP (Digital Signal Processor) present in the company's Snapdragon SoCs may render more than a billion Android phones susceptible to hacking. According to research reported this week by security firm Check Point, they've found more than 400 vulnerabilities in Snapdragon's DSP, which may allow attackers to monitor locations, listen to nearby audio in real time, and exfiltrate locally-stored photos and videos - besides being able to render the phone completely unresponsive.

The vulnerabilities (CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209) can be exploited simply via a video download or any other content that's rendered by the chip that passes through its DSP. Targets can also be attacked by installing malicious apps that require no permissions at all. Qualcomm has already tackled the issue by stating they have worked to validate the issue, and have already issued mitigations to OEMs, which should be made available via software updates in the future. In the meantime, the company has said they have no evidence any of these flaws is being currently exploited, and advise all Snapdragon platform users to only install apps via trusted locations such as the Play Store.
Source: Ars Technica

Related News

Add your own comment

29 Comments on Vulnerabilities in Qualcomm Snapdragon's DSP May Render 1 Billion Android Phones Vulnerable to Hacking

#26
R-T-B
HemmingstampHas to be the best brush off I've ever had, but anything s possible to collect data I guess.
I don't really know how else to explain it to you other than if you look for a conspiracy, you will always find one. If you look at how things are constructed with understanding however, the evidence isn't there on these types of things that are generally reported as vulerabilities, and not "backdoors." The researchers know what they are looking at.
Posted on Reply
#27
Hemmingstamp
R-T-BI don't really know how else to explain it to you other than if you look for a conspiracy, you will always find one. If you look at how things are constructed with understanding however, the evidence isn't there on these types of things that are generally reported as vulerabilities, and not "backdoors." The researchers know what they are looking at.
You assumed I was looking for conspiracy the first time I asked so I reacted. The fact is I wasn't, I was merely asking you a question since you work in the industy.
Not all of us are here to poke sticks ya know.
Posted on Reply
#28
ThrashZone
SteevoWho is MS?
Hi,
MicroSoft
Seeing they're now using android for win-10 mobile and also allowing android apps desktop access off these mobile devices these holes might be fun for them to shield win-10.
Posted on Reply
#29
Steevo
ThrashZoneHi,
MicroSoft
Seeing they're now using android for win-10 mobile and also allowing android apps desktop access off these mobile devices these holes might be fun for them to shield win-10.
Its the ARM hardware not the applications that have security holes.

Its the reason ARM is "faster" at some things than X86-64 CPUs, less security and more trust in applications.

Microsoft doesn't have anything to worry about with the application side as long as the system level security is present.
Posted on Reply
Add your own comment
Jul 6th, 2024 09:17 EDT change timezone

Latest GPU Drivers

New Forum Posts

Popular Reviews

Controversial News Posts