If you have purchased an Android phone in the past decade, chances are good that it has a Qualcomm chip Qualcomm's smartphone market share has rarely fallen below 40% worldwide in recent years
With that in mind, the latest findings from Check Point should be cause for alarm Qualcomm's chips have been found to have over 400 vulnerabilities built into them [Dubbed "Achilles," the potential problems reside in the digital signal processing (DSP) that handles many of the smartphone's functions, including charging, video, and audio According to Check Point's research, these vulnerabilities can be exploited by targets downloading malicious videos or questionable apps If a user downloads a malicious file that exploits these vulnerabilities, the smartphone is at the mercy of a third party, and the hacker can access files and location information, or even turn on the microphone switch at will, turning the device into a spy tool
Alternatively, additional malware could be smuggled in or malicious types could lock down all data However you interpret it, infection is bad news [DSP chips are a relatively economical solution, allowing for more features and innovative functionality in cell phones [These chips introduce new attack targets and weaknesses in mobile handsets; DSP chips are more vulnerable to risk because they are managed as a "black box"
After all this bad news, there is a bit of good news First, there is still no evidence that this problem is being exploited "in the wild"
Second, Qualcomm fixed the flaw before anyone could take advantage of it
"We have worked diligently to validate this issue and ensure that OEMs have appropriate mitigations available," the company said in a statement, adding that users should "update their devices as patches become available"
Did you spot the bad news in this paragraph? Yes, the patch is not yet available
While Qualcomm has released a patch to fix it, it has not yet been added to the Android OS by Google or patched into software updates by various manufacturers Also, Check Point has not yet released technical details regarding this vulnerability, but if a malicious third party discovers this vulnerability, it will still exist
Therefore, extreme caution should be exercised when following links or downloading apps If possible, use the Google Play store However, Google's app review procedures are by no means flawless, so even in that case, caution is advised
Comments