Android Phones With Qualcomm DSP Chips Affected by 400 Vulnerabilities: Check Point

Qualcomm DSP chips are found in high-end phones from Google, Samsung, LG, Xiaomi, OnePlus and more.

Advertisement
By Tasneem Akolawala | Updated: 8 August 2020 16:35 IST
Highlights
  • Hackers can gain access to sensitive information on these phones
  • Check Point has not issued details about the vulnerabilities
  • Qualcomm says fixes have been issued to mobile vendors

Qualcomm has acknowledged these vulnerabilities and have assigned mobile vendors with fixes

Android smartphones running on a specific Qualcomm digital signal processor (DSP) chip are reported to have as many as 400 vulnerabilities. Security research firm Check Point in its research discovered that these vulnerabilities allow hackers to access sensitive information, render the mobile phone constantly unresponsive, and allow malware and other malicious code to completely hide their activities and become un-removable. Check Point says that Qualcomm DSP chips are found in high-end phones from Google, Samsung, LG, Xiaomi, OnePlus and more.

Check Point, on its blog, notes that Qualcomm was told of these vulnerabilities earlier on. The research firm says that the chip manufacturer has acknowledged them and even notified the relevant device vendors regarding the vulnerabilities. It assigned several CVE fixes to device vendors including CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209. Check Point is dubbing this vulnerability group as Achilles.

In a statement to Market Watch, Yaniv Balmas, head of cyber research at Check Point, commented "Although Qualcomm has fixed the issue, it's sadly not the end of the story. Hundreds of millions of phones are exposed to this security risk. You can be spied on. You can lose all your data."

A Qualcomm spokesperson told the publication, "Regarding the Qualcomm Compute DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to OEMs. We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store."

Advertisement

Check Point has not published full technical details of these Achilles vulnerabilities as it wants mobile vendors to work on possible solutions to mitigate the possible risks these vulnerabilities cause. The 400 vulnerabilities found inside the Qualcomm DSP chip can allow attackers to turn the phone into a perfect spying tool, without any user interaction required. Hackers can gain access to photos, videos, call-recording, real-time microphone data, GPS and location data, and much more by exploiting these vulnerabilities.

Furthermore, attackers may also be able to render the mobile phone constantly unresponsive making all the information stored on this phone permanently unavailable. This targeted denial-of-service attack can enable hackers to block the user from accessing photos, videos, contact details, and more. Lastly, these vulnerabilities allow malware and other malicious code to completely hide their activities and become un-removable.

Advertisement

Check Point says that DSP chips are ‘breeding grounds' for vulnerabilities as they are being managed as “Black Boxes” due to the complex nature of these chips and their undefined architecture. Due to this reason, mobile vendors have to rely on chip manufacturers to address the issue first. These vulnerabilities are reported to have affected a slew mobile phones. While the exact number is not known, Qualcomm chips are embedded into nearly 40 percent of mobile phones in the market, a 2019 Strategy Analytics report claims - leaving millions of devices potentially at risk to the Achilles vulnerabilities.


Why are smartphone prices rising in India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

Affiliate links may be automatically generated - see our ethics statement for details.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. iQOO Neo 10 First Sale in India Kicks Off Today: Price, Offers and Features
  1. New Dwarf Planet Discovery Challenges Planet Nine Hypothesis
  2. Venus May Be Geologically Active: New Study Reveals Tectonic Processes Shaping Its Surface
  3. Genetic Study Reveals Maya Civilization’s Collapse Was a Reorganization
  4. Brightest Planets in June’s Night Sky: How and When to See Mercury, Venus, Mars and Saturn
  5. Hubble Spots Isolated Barred Spiral Galaxy That’s Secretly Part of a Cosmic Duo
  6. Tourist Family Now Available for Streaming on JioHotstar in Tamil, Telugu and Hindi Languages
  7. Pelli Kani OTT Release Date: When and Where to Watch it Online?
  8. Gajaana Now Streaming on JioHotstar: What You Need to Know About A Mythical Tale of Yali, Forests, and Fate
  9. Samsung Encourages Users to Activate Latest Anti-Theft Features on Galaxy Devices
  10. Fujifilm Instax Mini 41 With Close-Up Mode Launched in India: Price, Specifications
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.