400 Vulnerabilities in 46 Chipsets Can Affect 40% of Android Phones


Highlights

  • 40% Of Android Phones Can Be Hacked Due To This Flaw In Qualcomm’s
  • Security vulnerabilities in Qualcomm chipsets
  • Qualcomm Patches Critical Security Flaw That Affects 46 Chipsets

What is Achilles?

More than a billion Android users are at risk from the 'Achilles' vulnerability, which turns phones into spying devices. If exploited, the vulnerabilities could give hackers access to private information such as photos and emails, or allow them to render devices unusable. Researchers from a cybersecurity firm called Check Point were the first to uncover the Snapdragon vulnerabilities. Achilles affects a portion of the chip called the digital signal processor (DSP).

How Does Achilles Work?

Today’s smartphones rely on the DSP for many of their cutting-edge features. It enables things like quick charging, HD video capture, and augmented reality (AR) features. That makes it a highly efficient component to include in smartphones. Unfortunately, it also opens several avenues for hackers to access and compromise a device. Since the DSP plays such an important role in a phone, it is also an Achilles heel, hence the name of the new group of vulnerabilities.

Working of Achilles: Call Recording, Phone Locking

Additionally, the attacker would be able to lock all the data stored on the phone and make the phone useless to the user; the researchers describe this as a “targeted denial-of-service attack”. Bad actors would also be able to exploit the vulnerabilities to hide malware on the phone without the owner's knowledge, and that malware would be unremovable. Qualcomm has responded, saying that it has “worked diligently to validate the issue and make appropriate mitigations available” to smartphone manufacturers.

An extensive security review of Qualcomm’s DSP chip found about 400 vulnerable pieces of code that can affect smartphones.

It’s not clear how easy it is to exploit the flaws as a result. However, the researchers used “fuzz testing technologies” and other methods to identify flaws in the DSPs, which tend to be black boxes that are harder to study. Check Point noted that phone vendors couldn’t simply fix this as the chipmaker (in this case, Qualcomm) had to address the issues first.

List of popular Qualcomm chips affected by the flaw

  • Snapdragon 200 series
  • Snapdragon 400 series
  • Snapdragon 625
  • Snapdragon 660
  • Snapdragon 670
  • Snapdragon 710
  • Snapdragon 820
  • Snapdragon 835
  • Snapdragon 845

Actions by Qualcomm

Qualcomm has listed all the affected chipsets in its security bulletin. The research firm says that the chip manufacturer has acknowledged the vulnerabilities and notified the relevant device vendors about them. It assigned several CVEs and issued fixes to device vendors, including CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209.

Qualcomm itself provides extended support for Android devices, but that doesn’t extend to the vendors themselves. As has become all too clear, Android vendors are historically slow to deliver updates and may cut off support considerably sooner than Qualcomm. Although security patches are sometimes delivered sooner and beyond the usual support schedules, there may be millions of phones that never get fixes due to age or vendors’ update policies.

How hackers can affect a device

The security bug (CVE-2018-11976) can enable an attacker to gain access to private data and even encryption keys stored in the Qualcomm Secure Execution Environment (QSEE). Qualcomm patched the flaw earlier this month, tagging it as 'critical'. The QSEE offers a safe environment to process critical data, including private encryption keys and passwords. Only the app that stored the data in QSEE can access it, which prevents malicious apps from reading the sensitive data. QSEE was created to prevent anyone from gaining complete access to a device, but the latest security flaw defeats that purpose entirely. To exploit the vulnerability, an attacker needs root access on a device, which isn't quite impossible.

These might be the after-effects

Furthermore, attackers may be able to render the mobile phone constantly unresponsive, making all the information stored on it permanently unavailable. This targeted denial-of-service attack can enable hackers to block the user from accessing photos, videos, contact details, and more. Lastly, these vulnerabilities allow malware and other malicious code to completely hide their activities and become unremovable. To exploit this vulnerability, attackers would simply have to convince people to install an app that seems benign and bypasses the usual security measures. Once installed, the phone can be used as a spying tool by the attackers. They would also be able to gain access to the users’ photos, videos, GPS, and location data.