Although many people don’t know the hardware behind features such as “digital signal processors” (DSPs), fast charge, and noise reduction, security researchers have issued major security warnings to Android device users. With the development of technology, this kind of single chip with a full set of functions can help the device to fully charge in a short time, or to provide assistance for augmented reality games such as Pokemon Go.
However, researchers at Check Point, a cybersecurity firm, warn that hackers may abuse their capabilities because of the widespread potential of such chips.
At Friday’s Defcon conference, researcher Slava Makkaveev is expected to demonstrate how to use such “gateway chips” to launch attacks to gain control of Android devices.
The researchers are known to have examined the Qualcomm SnapDragon chip, which was used in more than 40 percent of Android devices, and found more than 400 vulnerabilities.
Based on the sheer number of devices, ulterior hackers or craft a malicious application that exploits these vulnerabilities to bypass routine security checks and ultimately obtain sensitive data, including photos, videos, location information, and more.
Vulnerabilities could also allow malicious apps to turn on device microphones, record calls, and even block or hide other malware on Android devices without people’s knowledge.
Qualcomm has confirmed the vulnerabilities and issued a security warning. But unless the phone manufacturer immediately patches and pushes it to end-device users, the risk of such problems will remain.
Qualcomm said in a statement: ‘We have worked hard to verify the issue and provide appropriate mitigation options for mobile phone manufacturers, even though there is no evidence that they are being exploited by hackers.’
We encourage end users to update patches as timely as patches become available and only get content from trusted sources, such as Google’s official Play Store.
Check Point researchers added that while this particular security vulnerability has been blocked, the chip itself has become a whole new platform that can be exploited by attackers and may even be the most deadly security vulnerability in the entire device.
Digital signal processors (DSPs) have been around for a long time, but security researchers aren’t paying much attention to them. One of the obstacles is the high threshold for entry.
In addition, the technical details on the chip are usually locked in by the manufacturer itself. The wide-open environment for building cars behind closed doors has made it difficult for security researchers to test for defects in DSP chips, raising some concerns in the industry.
Yaniv Balmas, head of network research at Check Point, even suspected that many of the vulnerabilities in DSP chips had not been discovered, and called for more people to join security research on the design and implementation of hardware.