There are over 400 vulnerabilities on Qualcomm’s Snapdragon chip that can be exploited without owners’ intervention, explains Check Point’s Slava Makkaveev.
The relentless drive to innovation and technological advancement has opened avenues for threat actors to exploit. Usually, tech giants ensue third party solutions for their products and devices which primarily include Digital Signal Processor unit commonly termed as DSP chips.
A DSP is a wholesome system on a chip that has various hardware and software functions which include charge/quick charge features, optimize the multimedia experience, and enhance audio features. In other words, every modern phone evidently has one of these chips.
Recent research by Check Point dubbed as ‘Achilles’ ensues extensive security review pertaining to DSP chips. One of the leading third party solutions, Qualcomm Technologies manufactures a wide variety of DSP chips to be embedded into devices.
This let alone captures a whopping 40% of the mobile phone segment. Even high-end companies such as Google, Samsung, LG, Xiaomi, OnePlus procure DSP chips from Qualcomm.
Disquietingly, more than 400 vulnerable pieces of code were found within Qualcomm Snapdragon DSP chips as tested by Check Point. The research further explains how such vulnerabilities if exploited can turn users’ devices into a perfect ‘spying tool’, that too without the owners’ intervention.
Not only this, but threat actors may render phone useless or unresponsive which also includes making sensitive information on the device inaccessible or permanently unavailable such as pictures, contacts, or videos.
Most perilously, malware and other nasty codes will be able to hide their malicious activity and in worse cases become totally unremovable.
The research emphasizes that these chips do provide more features, functionality, and innovation for the end-user, but there is a downside to this as well. These chips have their weak points that make them susceptible to attacks. In a blog post, Check Point stated that:
DSP chips are much more vulnerable to risks as they are being managed as “Black Boxes” since it can be very complex for anyone other than their manufacturer to review their design, functionality, or code.
However, the purpose of the research was to raise awareness. As of now, no such instances or evidence of the vulnerabilities being exploited have surfaced. But it is noteworthy, that a deep analysis pertaining to the security posture of Qualcomm’s snapdragon is in pursuit.
Watch Check Point’s Slava Makkaveev presentation on Qualcomm related vulnerabilities at Defcon virtual – The magic begins at 17:42: