At the latest DEF CON hacker conference over the weekend, researchers at cyber-security firm, CheckPoint, presented a detailed research, claiming that the Digital Signal Processor (DSP) chips on Qualcomm Snapdragon processors harbor “over 400 vulnerabilities” that pose a massive threat to mobile phone users worldwide.
DSP chips enable a variety of tasks on smartphones, including image processing, charging, audio, video, AR and other multimedia functions. Phone-makers can also make use of these chips to insert their own functionality that will run as dedicated applications on top of the existing framework. A number of leading smartphone vendors, including Samsung, Google, Xiaomi and others, use Qualcomm chips in their devices. According to CheckPoint, over 40% Android devices use Qualcomm chips. There are around 3 billion Android devices in the world, which means these risks affect over 1 billion of them.
Checkpoint reported the findings of the research, dubbed ‘Achilles’, to Qualcomm earlier this year, and the chipmaker has already released a fix for the flaws. In a statement, Qualcomm said: “Regarding the Qualcomm Compute DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to OEMs. We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store”.
However, according to CheckPoint, Google is yet to incorporate the patch into AOSP, and none of the affected vendors have rolled out the fixes for their respective devices. In the absence of a widespread patch, CheckPoint is withholding technical details about the vulnerabilities. You can learn more technical details on the official CheckPoint blog.