A New Collection Of Flaws in Qualcomm Chips Puts Most Android Phones At Risk
It hasn’t been a great time for Qualcomm today after security researchers shared details about as many as 400 vulnerabilities that could potentially put a huge number of Android devices at risk.
According to reports, those who want to take advantage of the exploits could theoretically do so by having a user download a video or app, with no specific access or permissions needed. Once the exploits have been activated, an attacker could monitor audio, retrieve data, and more. Location data is also made available.
Security firm Check Point shared details about the new vulnerabilities, with Qualcomm having already issued a fix that can be used by impacted devices. However, so far, neither Android nor software shared by device makers, have implemented it. That could put a huge number of devices, all running Qualcomm Snapdragon chips, at risk.
Check Point hasn’t shared technical details about the vulnerabilities so as to avoid the chance that they will be exploited in the wild, although that might still be happening.
In a statement, Qualcomm said that users should only install apps from trusted locations and make sure their devices are updated.
Regarding the Qualcomm Compute DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to OEMs. We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store.
While installing apps via the Google Play Store is a good idea, it isn’t unheard of for malware and other malicious apps to find their way into the store undetected. Users are now left waiting for Google and OEMs to get Qualcomm’s software fix into the wild.