Check Point, in its research dubbed “Achilles,” discovered multiple vulnerabilities in Qualcomm’s Snapdragon Digital Signal Processor (DSP) chips, exposing over 40% of all smartphones globally to cyberattacks. If exploited successfully, the vulnerabilities allow threat actors to take control of mobile devices without the user’s knowledge.
What’s a DSP Chip?
A Digital Signal Processor (DSP) is like a computer on a chip: it combines hardware and software designed to optimize and enable each area of use on the device, including charging abilities, multimedia experiences, and advanced AR abilities. Most modern smartphones, including high-end smartphones from Google, Samsung, LG, Xiaomi, OnePlus and others, have at least one of these chips.
Flaws in DSP Chip
Check Point researchers stated that the vulnerabilities in the DSP chip allow an attacker to turn devices into spying tools without the user’s knowledge, render the mobile phone constantly unresponsive, and inject unremovable malware capable of evading detection. By using a fuzzing technique against smartphones with the vulnerable DSP chip, the researchers were able to identify 400 discrete attacks.
After Check Point disclosed its findings, Qualcomm acknowledged the vulnerabilities and assigned CVE identifiers to six of the flaws: CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208, and CVE-2020-11209. Even though Qualcomm fixed the six flaws affecting its Snapdragon DSP chip, smartphone makers still have to deliver fixes to their users’ devices, which means that many smartphones are still vulnerable to potential threats.
Check Point recommended that organizations use proper mobile security solutions to protect their corporate data on mobile devices.
“While DSP chips provide a relatively economical solution that allows mobile phones to provide end users with more functionality and enable innovative features – they do come with a cost. These chips introduce a new attack surface and weak points to these mobile devices. DSP chips are much more vulnerable to risks as they are being managed as ‘Black Boxes’ since it can be very complex for anyone other than their manufacturer to review their design, functionality, or code,” Check Point said.
“Due to the ‘Black Box’ nature of the DSP chips it is very challenging for the mobile vendors to fix these issues, as they need to be first addressed by the chip manufacturer. Using our research methodologies and state-of-the-art fuzz testing technologies, we were able to overcome these issues – gaining us with a rare insight into the internals of the tested DSP chip. This allowed us to effectively review the chip’s security controls and identify its weak points,” Check Point added.