Vulnerabilities in Qualcomm chip affect many mobile devices
Check Point Research's security researchers have discovered numerous vulnerabilities in a Qualcomm Digital Signal Processor Unit (DSP). DSPs are part of SoCs for mobile devices – such as the Qualcomm Snapdragon. The vulnerabilities are referred to as "Achilles" because they can make very serious attacks possible.
More than 400 vulnerable places in the code could be found on a DSP chip. The attack options are CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208, and CVE-2020-11209. For example, they enable the theft of photos or videos as well as the recording of calls and GPS data. It would also be possible to make a smartphone completely unusable.
Check Point Research currently wants to keep the full technical details under lock and key in order to give affected manufacturers such as LG, Samsung and Xiaomi time to react. Of course, all the results of their own studies were made available to partners. Unfortunately, DSPs could develop into a very interesting target in the future, since fixing security gaps is very complex.
Because for this the respective manufacturer, in this case Qualcomm, has to react. Only then could the partners, i.e. the smartphone manufacturers themselves, take action. It is not known whether “Achilles” has already been exploited.
Check Point Research