Jump to content

Welcome to ExtremeHW

Welcome to ExtremeHW, register to take part in our community, don't worry this is a simple FREE process that requires minimal information for you to signup.

 

Registered users can: 

  • Start new topics and reply to others.
  • Show off your PC using our Rig Creator feature.
  • Subscribe to topics and forums to get updates.
  • Get your own profile page to customize.
  • Send personal messages to other members.
  • Take advantage of site exclusive features.
  • Upgrade to Premium to unlock additional sites features.
Tech & Science News Posting Rules
IGNORED

Vulnerabilities in Qualcomm Snapdragon's DSP May Render 1 Billion Android Phones Vulnerable to Hacking

axipher

By axipher
in Journalism & Entertainment

 Share

Recommended Posts

axipher

axipher

Folding@Home Staff
729 373
Posted
Posted

Vulnerabilities in Qualcomm's DSP (Digital Signal Processor) present in the company's Snapdragon SoCs may render more than a billion Android phones susceptible to hacking. According to research reported this week by security firm Check Point, they've found more than 400 vulnerabilities in Snapdragon's DSP, which may allow attackers to monitor locations, listen to nearby audio in real time, and exfiltrate locally-stored photos and videos - besides being able to render the phone completely unresponsive.

 

The vulnerabilities (CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209) can be exploited simply via a video download or any other content that's rendered by the chip that passes through its DSP. Targets can also be attacked by installing malicious apps that require no permissions at all. Qualcomm has already tackled the issue by stating they have worked to validate the issue, and have already issued mitigations to OEMs, which should be made available via software updates in the future. In the meantime, the company has said they have no evidence any of these flaws is being currently exploited, and advise all Snapdragon platform users to only install apps via trusted locations such as the Play Store.

 

pGPJCULkiP05pDUb.jpg

 

Source: https://www.techpowerup.com/270838/v...ble-to-hacking

See all user awards
Link to comment
Share on other sites
axipher

axipher

Folding@Home Staff
729 373
Posted
  • Author
Posted
I wonder if the mobile pc chips are vulnerable? https://www.qualcomm.com/products/mobile-pcs

 

Good point, they don't really have a list of affected products, instead just vaguely call out the entire SnapDragon line of SoC's. At this point, probably safer to assume that you are affected, but the fact that just a video being played can trigger the vulnerability makes it very hard to defend against as just a user.

 

Could the malicious video trigger the vulnerability just by being embedded in a page, or a Discord chat? That would make this pretty darn deadly and near impossible to defend against as a user.

See all user awards
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing


×
×
  • Create New...

Important Information

This Website may place and access certain Cookies on your computer. ExtremeHW uses Cookies to improve your experience of using the Website and to improve our range of products and services. ExtremeHW has carefully chosen these Cookies and has taken steps to ensure that your privacy is protected and respected at all times. All Cookies used by this Website are used in accordance with current UK and EU Cookie Law. For more information please see our Privacy Policy

  I accept