More than 400 vulnerabilities in Qualcomm's Snapdragon chip installed in more than 1 billion smartphones
Cyber security company
Achilles: Small chip, big peril.-- Check Point Software
https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/
Snapdragon chip flaws put >1 billion Android phones at risk of data theft | Ars Technica
Check Point Software names the more than 400 vulnerabilities it has discovered ' Achilles '.
Achilles is a digital signal processor (DSP) vulnerability that can be exploited when downloading chip-rendered video or other content, or when installing malicious apps that do not require permission There is a fear.
If an attacker misuses Achilles, he can obtain location information, sniff audio near the device in real time, and steal pictures and videos on the device. You can also make your device completely unresponsive. On the other hand, you can hide the fact that you are infected.
According to Check Point Software, the DSP is a black box, and it is extremely difficult for anyone other than the person in charge of the manufacturer to check the design, functions, and code, and there is a gap in risk.
Qualcomm said there was no evidence of Achilles being exploited, calling for 'updates to the device when a patch becomes available.' In addition, although it is said that the correction program has already been produced, it has not been released yet.
According to Check Point Software, there is 'no specific guidance' to help users protect themselves from Achilles. Although you should use Google Play to download apps, Check Point Software has questioned its reliability based on Google's experience of app reviews to date. There is also no effective way to identify multimedia content that has turned into booby traps.
Check Point Software will be presenting more information on this subject at its webinar on August 13, 2020.
Related Posts: