Among the many manufacturers of processors for Android, Qualcomm is the most popular thanks to its Snapdragon. However, these processors are not perfect, and a study by CheckPoint has revealed that the Californian manufacturer still has much work to improve on safety issues.
In this study, CheckPoint Research has detailed more than 400 vulnerabilities found in a very specific component of Snapdragon processors, present in mobiles from Google, Samsung, Xiaomi, OnePlus and many more.
But what is that vulnerable component and what is it for?
The Snapdragon DSP, guilty of these security problems
Mobile processors are much more than a CPU and for years they have been called System on a Chip (SoC), an abbreviation that tells us that everything necessary for the operation of the mobile is there.
Not everything is a processor: This is how manufacturers improve performance in a mobile
The processor, or better, the SoC, like a Snapdragon 845, appeals a lot to people looking for mobile; but there are more things that influence performance.
The DSP, or Processor Ssignal Digital is a very important element in the smartphone experience, although it does not usually have a great role in the technical sheets. Their role is the one indicated by their name, and their scope corresponds mainly to audio, but they also handle other multimedia tasks. Qualcomm’s DSP is so powerful that it is capable of supporting the CPU and GPU in Artificial Intelligence tasks.
The Hexagon DSP is so powerful that Qualcomm uses it for Artificial Intelligence.
However, with regard to security, it seems that it has aspects to improve, and it is that Checkpoint Resears has announced that in a study that they have called Achilles (Achilles) have found more than 400 vulnerabilities. The name of the study could not be more appropriate, and that is that the DSP Hexagon becomes the Achilles heel of the Snapdragon.
These vulnerabilities present a great risk for users, since according to the study, if this knowledge falls into the wrong hands, it could have a great impact on our experience, with these three being the greatest risks:
- An attacker could spy on your mobile without the need for user interaction: photos, videos, call recording, real-time microphone recording and GPS.
- Make your mobile unusable constantly, making all information that requires the DSP remains unavailable.
- Malware could exploit this vulnerability to hide itself and make itself impossible to remove.
When it comes to the vulnerabilities themselves, Checkpoint has decided don’t make Qualcomm security bugs public to give the company time to fix these bugs, providing details about the vulnerability to the company.