23.1 C
Indore
Tuesday, September 30, 2025
Home Technology Millions of Smartphones With Qualcomm DSPs Hit by Vulnerabilities: Report

Millions of Smartphones With Qualcomm DSPs Hit by Vulnerabilities: Report


Android smartphones running on a specific Qualcomm digital signal processor (DSP) chip are reported to have as many as 400 vulnerabilities. Security research firm Check Point in its research discovered that these vulnerabilities allow hackers to access sensitive information, render the mobile phone constantly unresponsive, and allow malware and other malicious code to completely hide their activities and become un-removable. Check Point says that Qualcomm DSP chips are found in high-end phones from Google, Samsung, LG, Xiaomi, OnePlus and more.

Check Point, on its blog, notes that Qualcomm was told of these vulnerabilities earlier on. The research firm says that the chip manufacturer has acknowledged them and even notified the relevant device vendors regarding the vulnerabilities. It assigned several CVE fixes to device vendors including CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209. Check Point is dubbing this vulnerability group as Achilles.

In a statement to Market Watch, Yaniv Balmas, head of cyber research at Check Point, commented “Although Qualcomm has fixed the issue, it’s sadly not the end of the story. Hundreds of millions of phones are exposed to this security risk. You can be spied on. You can lose all your data.”

A Qualcomm spokesperson told the publication, “Regarding the Qualcomm Compute DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to OEMs. We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store.”

Check Point has not published full technical details of these Achilles vulnerabilities as it wants mobile vendors to work on possible solutions to mitigate the possible risks these vulnerabilities cause. The 400 vulnerabilities found inside the Qualcomm DSP chip can allow attackers to turn the phone into a perfect spying tool, without any user interaction required. Hackers can gain access to photos, videos, call-recording, real-time microphone data, GPS and location data, and much more by exploiting these vulnerabilities.

Furthermore, attackers may also be able to render the mobile phone constantly unresponsive making all the information stored on this phone permanently unavailable. This targeted denial-of-service attack can enable hackers to block the user from accessing photos, videos, contact details, and more. Lastly, these vulnerabilities allow malware and other malicious code to completely hide their activities and become un-removable.

Check Point says that DSP chips are ‘breeding grounds’ for vulnerabilities as they are being managed as “Black Boxes” due to the complex nature of these chips and their undefined architecture. Due to this reason, mobile vendors have to rely on chip manufacturers to address the issue first. These vulnerabilities are reported to have affected a slew mobile phones. While the exact number is not known, Qualcomm chips are embedded into nearly 40 percent of mobile phones in the market, a 2019 Strategy Analytics report claims – leaving millions of devices potentially at risk to the Achilles vulnerabilities.


Why are smartphone prices rising in India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.


Discover more from News Journals

Subscribe to get the latest posts sent to your email.

Most Popular

Why was X’s ‘censorship’ challenge rejected? | Explained

The story up to now:The Karnataka Excessive Court docket has dismissed X Corp’s petition in opposition to the Union authorities’s Sahyog portal, which...

US-based tax services provider Ryan acquires majority stake in Dhruva Advisors

The US-headquartered tax companies and software program supplier Ryan has acquired a majority stake within the Indian tax and regulatory advisory agency Dhruva...

Mexican marine biologist seriously injured in shark attack off Costa Rica

A Mexican marine biologist was critically injured after he was attacked by a shark whereas working off Costa Rica's...

Retail and F&B / WOFF

© Arti Footage - William Sutanto+ 24 Share ...

Recent Comments