IT Security Aug 20, 2020

Achilles – Over 400 vulnerabilities in Qualcomm’s Snapdragon chip.

As part of its Achilles investigation, Check Point has uncovered over 400 vulnerabilities in Qualcomm’s Snapdragon DSP chip, affecting around 40% of the mobile phones used globally and making them vulnerable to attack.

Share article

The numerous vulnerabilities have already been confirmed by Qualcomm and have been listed under the following CVEs: CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209.

 

Which systems are affected?

All smartphones with Snapdragon chips are vulnerable, including those manufactured by Google, Samsung, LG, Xiaomi and OnePlus among others. Huawei predominantly uses its own Kirin chip and is therefore not primarily affected by the vulnerability. 

 

Currently, this vulnerability can only be exploited when the user installs a malicious application on their phones, not by clicking on links or opening e-mail attachments. It’s possible to publish these applications in the Google Play Store and the use of these official app stores therefore offers no protection.

 

During a successful attack, the malware gains full access to the smartphone and can copy data, record conversations, videos and GPS data or make the device completely unusable.

 

Qualcomm has already provided the manufacturers with an updated software package to secure all vulnerable components. However, as CVE-2020-11209 is a downgrade vulnerability in the DSP chip's hardware, it may not be possible to completely close all gaps. This means an attacker could simply use an older and still vulnerable component in a malicious application as the DSP chip only checks the digital signature and not the version.

 

How can you protect yourself?

We recommend installing all updates as soon as the manufacturers make them available, but due to fragmentation in the Android environment, this may take a while. As a rule, only applications from well-known and reliable sources should be installed.

 

As far as we know, at the current time only the Check Point Mobile Sandblast Agent offers effective protection against such threats.

Charles Kionga
Principal Consultant Geschäftsbereichsleitung IT-Security