Achilles Alert: Millions of Android users are vulnerable to hackers and spies

Achilles vulnerabilities on Android Qualcomm Snapdragon chipsets
Honor X9b Ad
Honor X9b Ad

Qualcomm is the first choice of smartphone manufacturers for smartphone SoC, especially when it comes to flagships. Its Snapdragon chipsets are found in billions of smartphones. However, this popularity can be dangerous at times. Recently, researchers at Check Point have discovered over 400 bugs in Snapdragon chipsets that could make millions of Android phones at risk. Read along to know more about the defects in Qualcomm Snapdragon chipset, that has been collectively named Achilles.

Qualcomm Snapdragon Achilles: What is it?

In case if you have not heard of them, Check Point is a company that provides Cyber Security solutions and products to different enterprises. It was able to discover the vulnerabilities during the security review of Qualcomm’s Snapdragon chipsets. The research was conducted as Snapdragon are the most common chipsets in the world, covering over 40% of the total phone released in 2019.

Check Point has termed its findings “Achilles”. The researchers were able to discover over 400 pieces of code that could have been misused by hackers and spies. These codes were part of Digital Signal Processors (DSP), which is an integral component of all SoCs. These types of security reviews are rare and it explains why so many vulnerabilities were discovered.

Risks Involved

So what could these codes be misused for? According to Check Point:

  • Attackers can get access to the phones’ photos, videos, call-recording, real-time microphone data, GPS and location data, turning phones to spying devices.
  • Not only can hackers get a hold of your data, but they can also shut down the operation of your phone. In technical terms, attackers can perform Denial Of Service (DoS) attacks on infected phones, making it useless for the owner.
  • Malware can use the code to hide and make their activities undetectable.

The Solution

Fixing the Achilles is tricky as DSPs, by nature are developed as Black Box. What it means is that the internal mechanism of these processors is hidden. Thus, smartphone manufacturers can’t do anything unless a solution is issued by the chip manufacturer. Fortunately, Qualcomm has already responded to the Achilles vulnerability pointed out by Check Point in the company’s Snapdragon lineup of smartphones.

We have no evidence it [Achilles] is currently being exploited.

The chip manufacturer has already issued Common Vulnerabilities and Exposure (CVE) to relevant smartphone manufacturers. However, this doesn’t solve anything unless the smartphone brands decide to roll out security patches and update to the affected smartphones. Software support is where Android smartphones lack behind their iOS counterpoint.

Updates are generally rare for devices other than flagships and roll out are slow and less frequent. We will have to wait to see how smartphone manufacturers respond to Achilles and CVEs. If they decide to roll out updates against Achilles, they will need some time. Smartphone brands will have to identify all the DSP applications, re-compile them, and test them for stability and further flaws before the updates are ready to air.

  • Check out our review of the ASUS TUF A15 gaming laptop: