A leading cyber security expert, has discovered more than 400 vulnerabilities affecting Android smartphones that seriously endanger users’ data and security. This new problem that afflicts Android smartphones will be explained. The issue concerns a particular type of smartphone or the devices of a specific company, but most Android smartphones are available on the market.
From Samsung to Xiaomi, Huawei and OnePlus (to name the most famous brands), everyone is exposed to the 400 vulnerabilities discovered by Check Point. The reason is quite apparent: the problem concerns the DSP, a chip in all Qualcomm processors and, therefore, in most Android smartphones. For the moment, there is still no solution available for all users: Qualcomm has already prepared the patches and now it is up to individual manufacturers to implement them on their devices. So, we will have to wait another couple of months.
DSP: What It Is And Why It Is Dangerous
Probably few have heard of it until today, but DSP is a tiny device present inside Android smartphones that perform the function of a digital signal processor. This particular tool is found inside many devices: headphones, intelligent speakers, infotainment systems and various technological equipment. The smartphone, for example, has the task of decoding MP3 files or lowering and raising the level of music.
New Vector That Hackers Can Use to Propagate Cyber Attacks. The total vulnerabilities discovered are 400, but the Israeli company did not want to disclose too many technical aspects pending individual manufacturers’ release of corrective patches. To exploit this vulnerability to hackers, it might be enough to convince the user to install a simple app on the smartphone.
The Possible Risks
The most significant risks for users relate to their data. Check Point has emphasized three main aspects that need to be considered if a hacker manages to exploit one of the vulnerabilities to infect a smartphone.
- The smartphone spies on users. A hacker may remotely take control of the smartphone to start spying on user activity. But not only. It could also steal personal data such as photos, videos, call recordings.
- The smartphone becomes inaccessible. As if you were infected with ransomware, the famous ransom virus that blocks access to your device and asks for a reward to unlock it, this new vulnerability can be used to make access to any information in the smartphone’s memory inaccessible.
- Malware is impossible to remove. Hackers could install malware that hides their activity and is impossible to extract.
At the moment, users don’t have any tools to protect themselves from these vulnerabilities, but at the same time, hackers are unaware of the technicalities that make smartphones unsafe. Qualcomm has already released several patches that will need to be used by individual manufacturers to implement them in future security updates. The vulnerabilities in question have the following codenames: CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208, and CVE-2020-11209.
Furthermore, the Check Point researchers found that these flaws would make the device more prone to Denial of Service (DoS) attacks or privilege escalation, which is the acquisition of control of the software. In this way, hackers could gain unauthorized access to the system and make the device a spying tool, accessing data such as photos, videos, GPS data, microphone data, or even calls, making it unusable, permanently sabotaging the smartphone.