Over 40% of the world’s smartphones using Snapdragon chips are at risk now, as per the report from Check Point Research team. Researchers there have found several vulnerabilities in one of the components of Snapdragon chips, which could lead attackers to infect with malware, spy on targets and even steal data from their devices.
Over One Billion Smartphones Are At Risk
As per Check Point’s report, Qualcomm’s Snapdragon chips are vested with several vulnerabilities that could be exploited for spying and data exfiltration from target’s devices. Though Check Point hasn’t revealed the technical details of those vulnerabilities yet, they’re assigned CVE tracking IDs as CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208, and CVE-2020-11209.
These vulnerabilities are found in the Digital Signals Processor (DSP) of all Snapdragon chips, which is responsible for handling the telecommunications between handsets and other gadgets and also processing the network signals. And this component is embedded in every Snapdragon chip of more than one billion smartphones today!
DSP is a kind of black box item in the devices. Though it provides many important features by consuming less power and space, it comes with a lot of issues that need to be addressed. Upon disclosure of this issue, the Qualcomm officials said, “Regarding the Compute DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to OEMs.”
As per statistics, over three billion phones run on Android, out of which 40% of smartphones are vulnerable to these exploits. Though Qualcomm said it didn’t see for any exploits in the wild already, it quickly responded with a patch. But, it’s got a long way to reach the end-users device as there are tens of OEMs using their chips in millions of devices.
Crafting the patch accordingly and pushing them through OTA update could take time, thus, users are recommended the general guidelines of using official channels of downloading apps like Google’s Playstore and accepting content from known sources until the patch arrives.
Other Trending News:- News