Vulnerabilities in Qualcomm’s smartphone chips ensure that the devices are susceptible to cyber attacks, according to a study by security company Check Point Software Technologies on Friday.
Qualcomm’s chips are used in many Android smartphones, including those from Google, Samsung, LG, Xiaomi and OnePlus. This makes the company the largest chip supplier in that market. IPhones do not contain Qualcomm chips, because Apple makes processors itself.
The researchers discovered 400 vulnerabilities in Qualcomm’s Digital Single Processor (DSP). It is used to perform certain actions in real time, such as decoding music files while they are being played.
A hacker can exploit these vulnerabilities to create a special app. If a victim installs this software, the device is susceptible to a series of attacks. The app does not need access rights to parts of the system for this.
Device can be used for espionage
According to Check Point, an affected device can be used to eavesdrop on a device. Photos, videos and recordings can be sent to the attacker. It is also possible to spy on someone via the microphone and camera.
The app can also render a phone inoperable, preventing users from accessing their data. In addition, malware can be installed on a device via this route.
Unclear if the leak was exploited
It is unclear whether the leak was exploited by criminals. Security researchers often find unknown holes in security, because hackers do not make it clear what techniques they use.
Qualcomm has been notified of the security vulnerabilities and has since released an update to close the holes. Telephone manufacturers must make that update available themselves. After that, the owners of the smartphones can install the update.