• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Vulnerabilities in Qualcomm Snapdragon's DSP May Render 1 Billion Android Phones Vulnerable to Hacking

Raevenlord

News Editor
Joined
Aug 12, 2016
Messages
3,755 (1.23/day)
Location
Portugal
System Name The Ryzening
Processor AMD Ryzen 9 5900X
Motherboard MSI X570 MAG TOMAHAWK
Cooling Lian Li Galahad 360mm AIO
Memory 32 GB G.Skill Trident Z F4-3733 (4x 8 GB)
Video Card(s) Gigabyte RTX 3070 Ti
Storage Boot: Transcend MTE220S 2TB, Kintson A2000 1TB, Seagate Firewolf Pro 14 TB
Display(s) Acer Nitro VG270UP (1440p 144 Hz IPS)
Case Lian Li O11DX Dynamic White
Audio Device(s) iFi Audio Zen DAC
Power Supply Seasonic Focus+ 750 W
Mouse Cooler Master Masterkeys Lite L
Keyboard Cooler Master Masterkeys Lite L
Software Windows 10 x64
Vulnerabilities in Qualcomm's DSP (Digital Signal Processor) present in the company's Snapdragon SoCs may render more than a billion Android phones susceptible to hacking. According to research reported this week by security firm Check Point, they've found more than 400 vulnerabilities in Snapdragon's DSP, which may allow attackers to monitor locations, listen to nearby audio in real time, and exfiltrate locally-stored photos and videos - besides being able to render the phone completely unresponsive.

The vulnerabilities (CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209) can be exploited simply via a video download or any other content that's rendered by the chip that passes through its DSP. Targets can also be attacked by installing malicious apps that require no permissions at all. Qualcomm has already tackled the issue by stating they have worked to validate the issue, and have already issued mitigations to OEMs, which should be made available via software updates in the future. In the meantime, the company has said they have no evidence any of these flaws is being currently exploited, and advise all Snapdragon platform users to only install apps via trusted locations such as the Play Store.



View at TechPowerUp Main Site
 
Joined
May 31, 2017
Messages
878 (0.32/day)
Location
Home
System Name Blackbox
Processor AMD Ryzen 7 3700X
Motherboard Asus TUF B550-Plus WiFi
Cooling Scythe Fuma 2
Memory 2x8GB DDR4 G.Skill FlareX 3200Mhz CL16
Video Card(s) MSI RTX 3060 Ti Gaming Z
Storage Kingston KC3000 1TB + WD SN550 1TB + Samsung 860 QVO 1TB
Display(s) LG 27GP850-B
Case Lian Li O11 Air Mini
Audio Device(s) Logitech Z200
Power Supply Seasonic Focus+ Gold 750W
Mouse Logitech G305
Keyboard MasterKeys Pro S White (MX Brown)
Software Windows 10
Benchmark Scores It plays games.
Big oof. Any list of affected models? Or should we just assume all of them are vulnerable?
 
Joined
Jan 25, 2006
Messages
1,470 (0.21/day)
Processor Ryzen 1600AF @4.2Ghz 1.35v
Motherboard MSI B450M PRO-A-MAX
Cooling Deepcool Gammaxx L120t
Memory 16GB Team Group Dark Pro Sammy-B-die 3400mhz 14.15.14.30-1.4v
Video Card(s) XFX RX 5600 XT THICC II PRO
Storage 240GB Brave eagle SSD/ 2TB Seagate Barracuda
Display(s) Dell SE2719HR
Case MSI Mag Vampiric 011C AMD Ryzen Edition
Power Supply EVGA 600W 80+
Software Windows 10 Pro
Big oof. Any list of affected models? Or should we just assume all of them are vulnerable?
Any with the DSP I would assume? I have a Huawei with a Kirin processor so only open to the chinese and google stealing my data :rockout::roll:
 

Frick

Fishfaced Nincompoop
Joined
Feb 27, 2006
Messages
19,670 (2.86/day)
Location
w
System Name Black MC in Tokyo
Processor Ryzen 5 7600
Motherboard MSI X670E Gaming Plus Wifi
Cooling Be Quiet! Pure Rock 2
Memory 2 x 16GB Corsair Vengeance @ 6000Mhz
Video Card(s) XFX 6950XT Speedster MERC 319
Storage Kingston KC3000 1TB | WD Black SN750 2TB |WD Blue 1TB x 2 | Toshiba P300 2TB | Seagate Expansion 8TB
Display(s) Samsung U32J590U 4K + BenQ GL2450HT 1080p
Case Fractal Design Define R4
Audio Device(s) Plantronics 5220, Nektar SE61 keyboard
Power Supply Corsair RM850x v3
Mouse Logitech G602
Keyboard Dell SK3205
Software Windows 10 Pro
Benchmark Scores Rimworld 4K ready!
Joined
Mar 6, 2017
Messages
3,358 (1.18/day)
Location
North East Ohio, USA
System Name My Ryzen 7 7700X Super Computer
Processor AMD Ryzen 7 7700X
Motherboard Gigabyte B650 Aorus Elite AX
Cooling DeepCool AK620 with Arctic Silver 5
Memory 2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s) XFX AMD Radeon RX 7900 GRE
Storage Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case Lian Li LANCOOL II MESH C
Audio Device(s) On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply MSI A850GF
Mouse Logitech M705
Keyboard Steelseries
Software Windows 11 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
only install apps via trusted locations such as the Play Store.
Too bad that bad apps always end up in the Play Store only to have them removed months later after thousands of people have downloaded them all because of Google's lack of a good app approval process.
 
Joined
May 15, 2020
Messages
578 (0.34/day)
Any with the DSP I would assume? I have a Huawei with a Kirin processor so only open to the chinese and google stealing my data :rockout::roll:

We've all been vicitim to them in one way or another, either by mobile OS or desktop searching.

Too bad that bad apps always end up in the Play Store only to have them removed months later after thousands of people have downloaded them all because of Google's lack of a good app approval process.

This is nothing new. FOSS seems more favourable these days.
 
Joined
Mar 6, 2017
Messages
3,358 (1.18/day)
Location
North East Ohio, USA
System Name My Ryzen 7 7700X Super Computer
Processor AMD Ryzen 7 7700X
Motherboard Gigabyte B650 Aorus Elite AX
Cooling DeepCool AK620 with Arctic Silver 5
Memory 2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s) XFX AMD Radeon RX 7900 GRE
Storage Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case Lian Li LANCOOL II MESH C
Audio Device(s) On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply MSI A850GF
Mouse Logitech M705
Keyboard Steelseries
Software Windows 11 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
FOSS seems more favourable these days.
I don't blame FOSS at all, I blame Google. Their app approval process just sucks. And don't tell me that Google can't afford to deploy a better and more thorough approval process because I'd call BS. They can afford to do so; I just don't think they want to.
 
Joined
May 15, 2020
Messages
578 (0.34/day)
I don't blame FOSS at all, I blame Google. Their app approval process just sucks. And don't tell me that Google can't afford to deploy a better and more thorough approval process because I'd call BS. They can afford to do so; I just don't think they want to.

Google never listen to customers, from gripes about their email service, to their business services, to their faulty apps.
I gave up on them years ago.
 
Joined
Jul 14, 2008
Messages
872 (0.15/day)
Location
Copenhagen, Denmark
System Name Ryzen/Laptop/htpc
Processor R9 3900X/i7 6700HQ/i7 2600
Motherboard AsRock X470 Taichi/Acer/ Gigabyte H77M
Cooling Corsair H115i pro with 2 Noctua NF-A14 chromax/OEM/Noctua NH-L12i
Memory G.Skill Trident Z 32GB @3200/16GB DDR4 2666 HyperX impact/24GB
Video Card(s) TUL Red Dragon Vega 56/Intel HD 530 - GTX 950m/ 970 GTX
Storage 970pro NVMe 512GB,Samsung 860evo 1TB, 3x4TB WD gold/Transcend 830s, 1TB Toshiba/Adata 256GB + 1TB WD
Display(s) Philips FTV 32 inch + Dell 2407WFP-HC/OEM/Sony KDL-42W828B
Case Phanteks Enthoo Luxe/Acer Barebone/Enermax
Audio Device(s) SoundBlasterX AE-5 (Dell A525)(HyperX Cloud Alpha)/mojo/soundblaster xfi gamer
Power Supply Seasonic focus+ 850 platinum (SSR-850PX)/165 Watt power brick/Enermax 650W
Mouse G502 Hero/M705 Marathon/G305 Hero Lightspeed
Keyboard G19/oem/Steelseries Apex 300
Software Win10 pro 64bit
I'm not surprised but I didn't expect it to be this bad..
 

bug

Joined
May 22, 2015
Messages
13,843 (3.95/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
I'm not surprised but I didn't expect it to be this bad..
Don't worry about it. It's probably way worse, but security researchers can't look at everything all the time.
Now it's a good time to see which vendors actually care to update devices they dropped support for.
 
Joined
Oct 22, 2014
Messages
14,170 (3.81/day)
Location
Sunshine Coast
System Name H7 Flow 2024
Processor AMD 5800X3D
Motherboard Asus X570 Tough Gaming
Cooling Custom liquid
Memory 32 GB DDR4
Video Card(s) Intel ARC A750
Storage Crucial P5 Plus 2TB.
Display(s) AOC 24" Freesync 1m.s. 75Hz
Mouse Lenovo
Keyboard Eweadn Mechanical
Software W11 Pro 64 bit

bug

Joined
May 22, 2015
Messages
13,843 (3.95/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
What about Routers and home automation with DSP chips?

I'm guessing a router or a home automation device is somewhat less likely to download and play maliciously crafted videos and such.
Plus it's not like current home automation devices have a track record of being secure.
 
Joined
Nov 4, 2005
Messages
12,013 (1.72/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs, 24TB Enterprise drives
Display(s) 55" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
"ARM is faster"

So was Intel until they had to patch the unsecured flaws that would allow similar exploits.
 
Joined
Jul 16, 2016
Messages
304 (0.10/day)
Location
Binghamton, NY
System Name The Final Straw
Processor Intel i7-7700
Motherboard Asus Prime H270M Plus
Cooling Arctic Liquid Freezer II 120
Memory G.Skill 32GB DDR4 2400 - F4-2400C15D
Video Card(s) EVGA GTX 1660 Super SC Ultra 6GB GDDR6
Storage WD Blue SN550 512GB and 1TB M.2 + Seagate 2TB 7200 SATA
Display(s) Acer VG270U P 2k
Case Thermaltake Versa H17
Audio Device(s) HDMI
Power Supply EVGA 750 white
Mouse Logitech
Keyboard Logitech
VR HMD Why?
Software Windows 10
Benchmark Scores 3DMark06 = 33,624 / Fire Strike = 12,690 / Time Spy = 5,465 as of 7/16/2024
169dum.jpg
 
Joined
Aug 20, 2007
Messages
21,541 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Qualcomm is the big fish in the phone pond. It's Intel for phone security research. Expect more.
 
Joined
Oct 27, 2018
Messages
22 (0.01/day)
Geee I wonder if any of these vulnerabilities are intentional. They seem to be awfully useful for surveillance.
 
Joined
Aug 20, 2007
Messages
21,541 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Geee I wonder if any of these vulnerabilities are intentional. They seem to be awfully useful for surveillance.

Data leaks are by nature some of the easiest vulnerabilities to spot. It's not really a huge logic leap to expect them to be found first.

But more to the point, it wouldn't surprise me if the NSA or whatever was already aware of these. What would surprise me is if they were intentionally engineered. It doesn't really work like that.
 
Joined
Jul 13, 2008
Messages
306 (0.05/day)
Location
EU
So how does it work? I'm all ears.
Me too. Please enlighten us.
Maybe you can forward your reply to Snowden too, I'm sure he'll be interested also.

Also arguing that the data leaks would be noticed first when Quallcom say that the flaw is not in use so far are a bit contradictory don't you think?
And you do know that they have rubber stamp secret court orders locking down release of any crap the US spooks pull right? And that it was already pretty damn bad before Trump..
And that it has been proven and confirmed that big companies are all too glad pulling stuff themselves and working along with government agencies.
 
Joined
Aug 20, 2007
Messages
21,541 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
So how does it work? I'm all ears.

Intentionally engineered backdoors are very obviously different than ones that are left via bugs. You'd really have to work the field to understand the difference. Keep in mind I do this for a living, and am a security researcher myself. I mainly work on the Intel Management engine, but it's all the same ball of cheese.

Maybe you can forward your reply to Snowden too, I'm sure he'll be interested also.

Snowden is famous (mainly with people who do not work actual security analysis, mind), but not as technically able as most believe. He just had access to some good docs that were very interesting and don't get me wrong, I think he should be treated as a whistleblower, but that's beside the point. His claims following the initial report have also been somewhat questionable at times.

That, and he doesn't really communicate outside of twitter these days, so no can do.

Also arguing that the data leaks would be noticed first when Quallcom say that the flaw is not in use so far are a bit contradictory don't you think?

I'm arguing that researchers can look at these vulnerabilities and tell you based on how they work whether they are manmade or accidental. Stack overflows, as a primitive example, are almost never intentional.

And you do know that they have rubber stamp secret court orders locking down release of any crap the US spooks pull right? And that it was already pretty damn bad before Trump..

I'm well aware, but thanks for educating me.
 
  • Like
Reactions: bug
Joined
Feb 20, 2020
Messages
9,340 (5.29/day)
Location
Louisiana
System Name Ghetto Rigs z490|x99|Acer 17 Nitro 7840hs/ 5600c40-2x16/ 4060/ 1tb acer stock m.2/ 4tb sn850x
Processor 10900k w/Optimus Foundation | 5930k w/Black Noctua D15
Motherboard z490 Maximus XII Apex | x99 Sabertooth
Cooling oCool D5 res-combo/280 GTX/ Optimus Foundation/ gpu water block | Blk D15
Memory Trident-Z Royal 4000c16 2x16gb | Trident-Z 3200c14 4x8gb
Video Card(s) Titan Xp-water | evga 980ti gaming-w/ air
Storage 970evo+500gb & sn850x 4tb | 860 pro 256gb | Acer m.2 1tb/ sn850x 4tb| Many2.5" sata's ssd 3.5hdd's
Display(s) 1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24"/ 3rd LG 43" series
Case D450 | Cherry Entertainment center on Test bench
Audio Device(s) Built in Realtek x2 with 2-Insignia 2.0 sound bars & 1-LG sound bar
Power Supply EVGA 1000P2 with APC AX1500 | 850P2 with CyberPower-GX1325U
Mouse Redragon 901 Perdition x3
Keyboard G710+x3
Software Win-7 pro x3 and win-10 & 11pro x3
Benchmark Scores Are in the benchmark section
Hi,
Wonder how MS will fix this :)
 

bug

Joined
May 22, 2015
Messages
13,843 (3.95/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
Intentionally engineered backdoors are very obviously different than ones that are left via bugs. You'd really have to work the field to understand the difference. Keep in mind I do this for a living, and am a security researcher myself. I mainly work on the Intel Management engine, but it's all the same ball of cheese.
I believe this is like you can tell Covid was not lab engineered: if it was, it would look like Frankenstein's creature of the viruses world. Same with engineered loopholes.
 
Joined
May 15, 2020
Messages
578 (0.34/day)
Intentionally engineered backdoors are very obviously different than ones that are left via bugs. You'd really have to work the field to understand the difference. Keep in mind I do this for a living, and am a security researcher myself. I mainly work on the Intel Management engine, but it's all the same ball of cheese.

Has to be the best brush off I've ever had, but anything is possible to collect data I guess.
 
Last edited:
Top