Android phones everywhere can spy on users: 400 vulnerabilities found in Qualcomm Snapdragon chips
August 2020 by Check Point
Security researchers at Check Point have found hundreds of vulnerable code sections in a chip found in over 40% of the world’s phones. Qualcomm’s Snapdragon Digital Signal Processor (DSP) chip is found in hundreds of millions of Android phones, including high-end phones from Google, Samsung, LG, Xiaomi, OnePlus and more.
In a research paper titled “DSP-Gate” and presented at Def Con 2020, Check Point researchers outlined the significant security risks from the 400 vulnerabilities found in Qualcomm’s DSP:
• Your phone spies on you: attackers could turn your phone into a perfect spying tool, without any user interaction required. Information that can be leaked from the phone includes photos, videos, call recordings, real-time microphone data, GPS and location data and more.
• Your phone becomes unresponsive: attackers can leverage the vulnerabilities to render your mobile phone constantly unresponsive, making all the information stored on this phone permanently unavailable - including photos, videos, contact details, etc.
• Your phone conceals malicious activity: malware and other malicious code can be hidden from users and become unremovable.
To exploit the vulnerabilities, a hacker would need to simply persuade the target to install a simple, benign application with no permissions at all. Check Point researchers responsibly disclosed their findings to Qualcomm. The chip manufacturer acknowledged the security vulnerabilities and notified relevant vendors, issuing CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209.
After conducting their research on Qualcomm’s DSP, Check Point researchers say that DSPs represent a serious attack frontier for hackers. These chips introduce a new attack surface and weak points to mobile devices. DSP chips are much more vulnerable to risks because they are managed as "Black Boxes": it can be very complex for anyone other than their manufacturer to review their design, functionality or code.
Yaniv Balmas, Head of Cyber Research at Check Point said: “Although Qualcomm has fixed the issue, it’s sadly not the end of the story. Hundreds of millions of phones are exposed to this security risk. You can be spied on. You can lose all your data. Our research shows the complex ecosystem in the mobile world. With a long supply chain integrated into each and every phone, it is not trivial to find deeply hidden issues in mobile phones, but it’s also not trivial to fix them.
“Luckily this time, we were able to spot these issues. But, we assume it will take months or even years to completely mitigate them. If such vulnerabilities are found and used by malicious actors, there will be tens of millions of mobile phone users with almost no way to protect themselves for a very long time. It is now up to the vendors, such as Google, Samsung and Xiaomi, to integrate those patches into their entire phone lines, both in manufacturing and in the market. Our estimation is that it will take a while for all the vendors to integrate the patches into all their phones.
“Hence, we do not feel publishing the technical details is the responsible thing to do given the high risk of these details falling into the wrong hands. For now, consumers must wait for the relevant vendors to also implement fixes. Check Point offers protection for these vulnerabilities with our mobile protection solution.”
Check Point Research has decided not to publish the full technical details of these vulnerabilities until mobile vendors have a comprehensive solution to the possible risks described. Furthermore, Check Point has shared the full research details with relevant government officials and with the relevant mobile vendors it has collaborated with on this research, to assist in making their handsets safer. Apple iPhones are not affected by the vulnerabilities found in this research.