Qualcomm's DSP vulnerabilities leave millions of Android smartphones on risk

qualcomms smartphones at risk

A major security flaw has been found in Qualcomm’s Digital Signal Processing (DSP).  According to a Checkpoint research, an unknown Qualcomm DSP chip was found to have a whopping 400 security flaws. The security issues are said to affect Android users in three different ways.

Firstly, hackers can access users' details such as photos, videos, call-recording, real-time microphone data, GPS and location data, and more by converting the device into a spying tool. Secondly, hackers can use a DDOS attack by making the device unresponsive and thus restricting users from accessing the device. And lastly, malicious codes can be injected into the smartphone via this vulnerability, which is harder to find, thus creating more troubles for the users.

The DSPs in Qualcomm chipsets are mostly integrated along with the processor, modem, and ISPs. The DSP in question is said to be also present in high-end smartphones. Checkpoint researchers tested the DSP chip and said that these flaws can allow hackers to turn any smartphone into a spying tool without the user’s interaction. Additionally, researchers also said that hackers can get access to user data including photos, videos, call recordings, real-time microphone data, GPS, and location data. Checkpoint hasn’t revealed any of the technical details of how these vulnerabilities can be exploited so hackers don’t take advantage of the situation to attack users.

Qualcomm acknowledged the finding and said “Regarding the Qualcomm Compute DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to OEMs. We have no evidence it is currently being exploited. We encourage end-users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store.”