Researchers from cybersecurity firm Check Point found a security gap in the popular chipset made by Qualcomm, Snapdragon. There are at least 400 security holes that make Android phones vulnerable to being hacked. This security gap is found in the part that functions to process digital signals (DSP).
DSP handles various tasks on a cellphone, such as for charging, Augmented Reality (AR), and a number of other multimedia functions. According to Check Point, this security hole can be exploited by hackers to install malicious applications, steal user data, track user location, and even steal photos or videos.
“The DSP chip is a new target being targeted by hackers. This chip is much more vulnerable to security risks because it functions like a ‘Black Box’ because of its very complex design,” said the Check Point researcher.
In addition, through this security hole, hackers can also make Android devices unresponsive. Hackers can also hide malicious code to be embedded in the target device. However, Check Point did not disclose details regarding which Snapdragon chipsets are affected by this security gap.
Responding to the report, Qualcomm said that it is currently conducting validations and checks. According to Qualcomm, they haven’t found any evidence that the loophole has been exploited. “We are working to validate the problem and provide appropriate mitigation for OEMs.
We have no evidence that this is being exploited. We encourage end users to update their devices when a patch is available and only install applications from trusted locations such as the Google Play Store,” said a representative. Qualcomm. Summarized from Ars Technica, Monday (10/8/2020), it was not stated how many devices were affected by this security gap.
However, when calculating roughly, Check Point says that 40 percent of Android phones in the world use Snapdragon chipsets. It is estimated that there are 3 billion Android devices circulating in the global market. This means that there are likely more than 1 billion Android devices that are vulnerable to attack by hackers.