Over 400 vulnerabilities were found in Qualcomm Snapdragon’s DSP
Cyber security research firm Check Point has managed to identify over 400 vulnerabilities in Qualcomm Snapdragon chipsets, or more specifically, in the Digital Signal Processor (DSP) of those chipsets. In a smartphone, the DSP will handle various features related to multimedia in your device, which makes its security flaws that much riskier.
By exploiting the vulnerabilities in the DSP, malicious hackers can spy on your with data from your microphone, camera and even GPS. Attackers can also render the device unresponsive, which is probably the least of your worries. According to Check Point, the malware and malicious code can be made completely invisible and unremovable from your device.
Qualcomm has already addressed the this vulnerability in the Snapdragon chipsets’ DSPs and released a patch for them. Qualcomm assigned six Common Vulnerability and Exposure (CVE) entries to them and has already notified the device vendors who are using Snapdragon chipsets. Which brings up the main issue: will the patches make it to your device.
As you might know, Qualcomm works with pretty much every smartphone vendor in the world right now. The Snapdragon chipsets are found in over 40% of all smartphones in the world, and the OEMs will be responsible to push the updates to your devices. With many OEMs still being extremely slow when it comes to pushing updates to their smartphones, you might still have to wait before your smartphone receives the patches.
With that said, Qualcomm claims that there is currently no evidence that this vulnerability has been exploited yet, but recommends users to update their devices as the patches become available, and to download apps only from trusted locations like the Google Play Store.
Pokdepinion: I wonder how fast will OEMs be able to push out the updates…