Vulnerabilities in Qualcomm Snapdragon's DSP May Render 1 Billion Android Phones Vulnerable to Hacking

[Raevenlord]

Vulnerabilities in Qualcomm's DSP (Digital Signal Processor) present in the company's Snapdragon SoCs may render more than a billion Android phones susceptible to hacking. According to research reported this week by security firm Check Point, they've found more than 400 vulnerabilities in Snapdragon's DSP, which may allow attackers to monitor locations, listen to nearby audio in real time, and exfiltrate locally-stored photos and videos - besides being able to render the phone completely unresponsive.

The vulnerabilities (CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209) can be exploited simply via a video download or any other content that's rendered by the chip that passes through its DSP. Targets can also be attacked by installing malicious apps that require no permissions at all. Qualcomm has already tackled the issue by stating they have worked to validate the issue, and have already issued mitigations to OEMs, which should be made available via software updates in the future. In the meantime, the company has said they have no evidence any of these flaws is being currently exploited, and advise all Snapdragon platform users to only install apps via trusted locations such as the Play Store.



View at TechPowerUp Main Site

 

[AsRock]

Surprise, no not really.

 

[Rahnak]

Big oof. Any list of affected models? Or should we just assume all of them are vulnerable?

 

[xman2007]

Big oof. Any list of affected models? Or should we just assume all of them are vulnerable?

Any with the DSP I would assume? I have a Huawei with a Kirin processor so only open to the chinese and google stealing my data

 

[Frick]

Big oof. Any list of affected models? Or should we just assume all of them are vulnerable?

Yes.

 

[trparky]

only install apps via trusted locations such as the Play Store.

Too bad that bad apps always end up in the Play Store only to have them removed months later after thousands of people have downloaded them all because of Google's lack of a good app approval process.

 

[Hemmingstamp]

Any with the DSP I would assume? I have a Huawei with a Kirin processor so only open to the chinese and google stealing my data

We've all been vicitim to them in one way or another, either by mobile OS or desktop searching.

Too bad that bad apps always end up in the Play Store only to have them removed months later after thousands of people have downloaded them all because of Google's lack of a good app approval process.

This is nothing new. FOSS seems more favourable these days.

 

[trparky]

FOSS seems more favourable these days.

I don't blame FOSS at all, I blame Google. Their app approval process just sucks. And don't tell me that Google can't afford to deploy a better and more thorough approval process because I'd call BS. They can afford to do so; I just don't think they want to.

 

[Hemmingstamp]

I don't blame FOSS at all, I blame Google. Their app approval process just sucks. And don't tell me that Google can't afford to deploy a better and more thorough approval process because I'd call BS. They can afford to do so; I just don't think they want to.

Google never listen to customers, from gripes about their email service, to their business services, to their faulty apps.
I gave up on them years ago.

 

[$ReaPeR$]

I'm not surprised but I didn't expect it to be this bad..

 

[bug]

I'm not surprised but I didn't expect it to be this bad..

Don't worry about it. It's probably way worse, but security researchers can't look at everything all the time.
Now it's a good time to see which vendors actually care to update devices they dropped support for.

 

[defaultluser]

What about Pixel phones? Don't the non-A models bypass these issues with their own DSP chip?

 

[Caring1]

What about Routers and home automation with DSP chips?

Qualcomm opens up on its Hexagon DSP - Embedded.com

Qualcomm will open up its Hexagon DSP core to third-party programmers and may even license the block for others to use. It showed details of the part for

www.embedded.com

DSP Group teams with Qualcomm on home automation solution - Globes

en.globes.co.il

 

[bug]

What about Routers and home automation with DSP chips?

Qualcomm opens up on its Hexagon DSP - Embedded.com

Qualcomm will open up its Hexagon DSP core to third-party programmers and may even license the block for others to use. It showed details of the part for

www.embedded.com

DSP Group teams with Qualcomm on home automation solution - Globes

en.globes.co.il

I'm guessing a router or a home automation device is somewhat less likely to download and play maliciously crafted videos and such.
Plus it's not like current home automation devices have a track record of being secure.

 

[Steevo]

"ARM is faster"

So was Intel until they had to patch the unsecured flaws that would allow similar exploits.

 

[Paganstomp]

 

[R-T-B]

Qualcomm is the big fish in the phone pond. It's Intel for phone security research. Expect more.

 

[SamWarrick]

Geee I wonder if any of these vulnerabilities are intentional. They seem to be awfully useful for surveillance.

 

[R-T-B]

Geee I wonder if any of these vulnerabilities are intentional. They seem to be awfully useful for surveillance.

Data leaks are by nature some of the easiest vulnerabilities to spot. It's not really a huge logic leap to expect them to be found first.

But more to the point, it wouldn't surprise me if the NSA or whatever was already aware of these. What would surprise me is if they were intentionally engineered. It doesn't really work like that.

 

[Hemmingstamp]

What would surprise me is if they were intentionally engineered. It doesn't really work like that.

So how does it work? I'm all ears.

 

[Wshlist]

So how does it work? I'm all ears.

Me too. Please enlighten us.
Maybe you can forward your reply to Snowden too, I'm sure he'll be interested also.

Also arguing that the data leaks would be noticed first when Quallcom say that the flaw is not in use so far are a bit contradictory don't you think?
And you do know that they have rubber stamp secret court orders locking down release of any crap the US spooks pull right? And that it was already pretty damn bad before Trump..
And that it has been proven and confirmed that big companies are all too glad pulling stuff themselves and working along with government agencies.

 

[R-T-B]

So how does it work? I'm all ears.

Intentionally engineered backdoors are very obviously different than ones that are left via bugs. You'd really have to work the field to understand the difference. Keep in mind I do this for a living, and am a security researcher myself. I mainly work on the Intel Management engine, but it's all the same ball of cheese.

Maybe you can forward your reply to Snowden too, I'm sure he'll be interested also.

Snowden is famous (mainly with people who do not work actual security analysis, mind), but not as technically able as most believe. He just had access to some good docs that were very interesting and don't get me wrong, I think he should be treated as a whistleblower, but that's beside the point. His claims following the initial report have also been somewhat questionable at times.

That, and he doesn't really communicate outside of twitter these days, so no can do.

Also arguing that the data leaks would be noticed first when Quallcom say that the flaw is not in use so far are a bit contradictory don't you think?

I'm arguing that researchers can look at these vulnerabilities and tell you based on how they work whether they are manmade or accidental. Stack overflows, as a primitive example, are almost never intentional.

And you do know that they have rubber stamp secret court orders locking down release of any crap the US spooks pull right? And that it was already pretty damn bad before Trump..

I'm well aware, but thanks for educating me.

 

[ThrashZone]

Hi,
Wonder how MS will fix this

 

[bug]

Intentionally engineered backdoors are very obviously different than ones that are left via bugs. You'd really have to work the field to understand the difference. Keep in mind I do this for a living, and am a security researcher myself. I mainly work on the Intel Management engine, but it's all the same ball of cheese.

I believe this is like you can tell Covid was not lab engineered: if it was, it would look like Frankenstein's creature of the viruses world. Same with engineered loopholes.

 

[Hemmingstamp]

Intentionally engineered backdoors are very obviously different than ones that are left via bugs. You'd really have to work the field to understand the difference. Keep in mind I do this for a living, and am a security researcher myself. I mainly work on the Intel Management engine, but it's all the same ball of cheese.

Has to be the best brush off I've ever had, but anything is possible to collect data I guess.