One billion Android devices exposed to attack


Security firm discovered a number of holes in Snapdragon.

The security company Check Point published a report this weekend that reveals no less than 400 vulnerabilities related to Qualcomm’s Snapdragon mobile chips. The error is said to be related to the chips’ «DSP» – Digital Signal Processor – which is located on about 40 percent of the world’s mobiles. It reports, among other things, Ars Technica.

In other words, more than one billion Android phones will be at risk, according to the company.

Can render the phone unusable
In the report, the company explains how attackers can relatively easily put your mobile out of play. All that is required to exploit the vulnerability is for the attacker to trick the victim into downloading a seemingly harmless application. The application itself will not even require additional access to the mobile, which can otherwise be a danger sign.

As soon as the app is downloaded, you are in danger of being spied on, or in the worst case that the mobile becomes completely useless, writes Forbes.

The Check Point report provides examples of how the mobile phone, for example, can be turned into a surveillance tool for the attacker, which can copy photos, record conversations, activate the microphone and track the location of the device. All without it being visible on the mobile. If the attacker wants, he can also make the mobile phone practically useless, by flooding it with data traffic (DDOS) which means that it does not «have the strength» to do anything.

Qualcomm confirms the security flaw, but says it does not yet appear that any attackers have exploited the hole.

The security hole is closed, but still dangerous
Check Point has, of course, told Qualcomm about the extensive security holes, and the company says they have closed all of them. They should also have informed all companies that use their technology about the error. But even though the problem has been discovered and fixed by Qualcomm, it is still up to each mobile manufacturer to implement the bug fix in security updates, and send them out to their customers. It can quickly take a long time.

«Even though Qualcomm has fixed the error, it is unfortunately not the end of the visa,» says Yaniv Balmas, chief researcher at Check Point.

He believes that due to Android’s fragmented nature, it will take months, maybe even years, before all mobile manufacturers have included the bug fixes from Qualcomm in a security update and sent them out to their users.

  • Hundreds of millions will remain exposed to the security hole.