If you are using an Android phone with Qualcomm chipset, you are at risk, and here is why.
Researchers have found that Snapdragon series smartphone chipsets from Qualcomm, which is widely being used in Android devices, has over 400 instances of vulnerable code that puts millions of users at risk.
Check Point, a cybersecurity firm has found that the DSP (Digital Signal Processor) used in Qualcomm Snapdragon chipset has the vulnerable code which it is calling “Achilles” and is claimed to impact phones to be used as a spying tool.
Here is How Achilles Work
- Attackers can turn the phone into a perfect spying tool, without any user interaction required – The information that can be exfiltrated from the phone including photos, videos, call-recording, real-time microphone data, GPS and location data, etc.
- Attackers may be able to render the mobile phone constantly unresponsive – Making all the information stored on this phone permanently unavailable – including photos, videos, contact details, etc – in other words, a targeted denial-of-service attack.
- Malware and other malicious code can completely hide their activities and become un-removable.
The attacker can also lock the phone with all the data stored, rendering it useless. It can also be used to store unknown and unremovable malware on the device.
Qualcomm has been notified about it, as well as government officials and affected vendors. Given that millions of Android devices are at risk, the company has not published the details about its findings.
It is also being reported that Qualcomm has now fixed the issue but the affected devices can only be secured once the phone manufacturers start pushing the relevant updates and security patches to the affected phones, which is likely to take time.